You can now check whether a device has a recent security update
Play Integrity API offers enhanced security signals, like the optional “meets-strong-integrity” and “meets-basic-integrity” responses in the device recognition verdict, to help you decide how much you trust the environment your app is running in. Now, we’re updating the “meets-strong-integrity” response to require a security update within the last year on devices running Android 13 and above. This update gives apps with higher security needs, like banking and finance apps, governments, and enterprise apps, more ways to tailor their level of protection for sensitive features, like transferring money. When the strong label isn’t available for the user, we recommend that you have a fallback option.
Not sure why this didn’t exist already, but this is a good idea. Also according to the blog, this is not mandatory as of now and will become mandatory next year, in May.