waag.org

European digital ID wallets rely on safety services of Google and Apple

donohoe · 694 points · 299 comments · yesterday

Comments

5 preview comments · loading full thread
Luker88yesterday

The EU reference for wallets strictly required google play services https://github.com/eu-digital-identity-wallet/eudi-app-andro... So Italy's IO app https://github.com/pagopa/io-app (wallet, documents, age verification) continuously refuses the users' request for GrapheneOS support and requires google. Nothing will change until the lawsuits start coming in. The only hope is the motorola/grapheneOS collaboration and consumer associations, that might sue for anticompetitive behavior. Make noise on any channel for the apps that require play services, it will help in the future if the lawsuits start, since it will show user support for the initiative.

ulrikrasmussenyesterday

Even relying on Android's hardware attestation API instead of Play Integrity is an attack on digital autonomy in my opinion. Any security feature which relies on remote attestation of the users entire platform is government overreach as it ultimately gives the government the power to choose what operating systems are acceptable. It is only a matter of time before this power will be misused to put pressure on OS developers to install backdoors for the intelligence agencies. And no, asking people to own two smartphones is not a solution to this problem. Anonymous digital age verification based on a suitable ZKP scheme and/or blind signatures does not require a general purpose operating system, it just requires a few cryptographic primitives and a set of device-bound keys. It is not too much to ask that the EU develops a specialized hardware token with these exact capabilities and offer them for free to all citizens as an alternative to the app. This also gives the citizens of EU the freedom to choose not to own a smartphone without having their access to digital services severely restricted.

petcatyesterday

A European digital ID system that is entirely dependent on 2 US companies. Wasn't there some talk about the pressing need for European digital sovereignty recently? Or was that just performative nonsense?

nickslaughter02yesterday

Working as intended. EU wants you to use a device and OS they can fully control. Don't comply with some new ridiculous regulation? Your app will be banned. > EU App Store: Apple Removes Thousands of Apps Due to Digital Services Act Requirements > Apple’s app removals follow the Digital Services Act, a European law requiring all app traders to display verified contact details, including address, email, and phone number. https://www.techrepublic.com/article/eu-app-store-apple-digi... You think apps which wouldn't want to implement Chat Control will remain on the app store? EU to legislate about Chat Control behind closed doors (https://news.ycombinator.com/item?id=48707719)

phyzix5761yesterday

Regulations create monopolies. Even when regulations are aimed at curbing the control of giants, smaller players usually can't afford them and lose market share. This is actually taught as a competitive advantage strategy in business school. Corporations lobby the government to implement laws that seem to hurt them but in actuality create an uneven playing field where marketshare becomes available due to the higher implementation cost.