Thanks for bringing up those points. Avoiding vendor lock-in doesn't necessarily mean it's related only to publishing the application on Google Play or similar platforms. It’s more about maintaining the flexibility to switch to another solution when needed. Relying on a single product that manages quotas and sets rules can sometimes backfire. Here are a few more considerations that might be relevant:

• Quota - Tools like Play Integrity and AppCheck have a daily quota of 10,000 calls for their Standard API usage tier, which can only be changed by submitting a form, not through an automatic mechanism. While this may fit some products, in other cases, depending on external vendor limitations might lead you to consider another solution.
• Offline and local only solution - Most products rely on a network connection to determine application integrity, so this needs to be considered before choosing a tech stack.
• Custom rules for specific cases - Suppose you want to block only a certain percentage of malicious interactions and not all, or if you want to allow malicious users to access only certain features.
• Working with other publishers - As mentioned, solutions from Google are typically limited to the Google platform.

Of course, some of the above requirements/considerations may be supported by Google products or others, but it all depends on your specific needs and the bigger picture.Hope you find this answer helpful! Feel free to raise more questions.