I just have an old phone for all the banking stuff. And I use degoogled phones for real stuff. I don't need my bank when I'm out anyway.

Not using grapheneos though because pixels are expensive in my country. Also, I disagree with them on some points, like rooting. I don't think me having access to root makes my phone less secure. Obviously it should be secured properly so only I can use it, but that can be done. After all even an unrooted phone still has a root account and runs stuff as root, you just can't access it as a user. That means the OS vendor (grapheneos in this case) has more access rights on my phone than me (how else are they going to install updates), to me that's not right.

I just want to be able to inspect what is going on on my phone. What apps are storing about me on their private storage, and to be able to add root CAs so I can MITM their traffic to inspect it.

BankID, Swish and Swedbank's app work fine for me on GOS so I say go for it :)

I believe GrapheneOS would only be an issue if the Swedish gov decides on using the Google Play Integrity API instead of Android's hardware attestation API (and requiring their apps to whitelist GrapheneOS's keys). So their stance doesn't really change much in terms of how banking apps currently work with GrapheneOS.

Do the banking apps have features that the (mobile?) websites do not? Genuine question, I have no frame of reference for Swedish banks

Sounds like your issue is with your government.

You can have these apps on a separate device that lives in a drawer like paper documents would. We need to separate state from private life.

Likewise, my plan will be to have GrapheneOS as my "real" OS, and a cheap secondary phone for banking app and whatnot.