EU age-verification app draws backlash over Google Play Integrity requirement
Original source
European "age verification" "app" forcing everyone to use Android or iOS
Hacker News →A proposal to add Google Play Integrity to the EU’s forthcoming age-verification app has ignited a heavily-subscribed discussion in the eu-digital-identity-wallet reference-implementation repository, drawing hundreds of comments and replies. Play Integrity is Google’s remote-attestation API, which lets an app cryptographically verify that it is running on a ‘genuine,’ unmodified device and OS. The paired mechanism on Apple’s side is App Attest. Critics argue that building the age-check flow on top of these attestation services would, in practice, restrict the app to stock Android and iOS.
The core objection is exclusion by design. Hardware- and OS-backed attestation typically fails on de-Googled Android builds, custom ROMs like GrapheneOS or LineageOS, rooted devices, Linux phones, and older or uncertified hardware — even though those platforms are often chosen specifically for privacy and security. Tying a government-mandated identity or age function to Google and Apple’s attestation gatekeepers effectively hands two US vendors veto power over which citizens can comply, and cements the mobile duopoly for a service that is supposed to be a public utility.
The volume of engagement signals that this is less a niche technical quibble than a flashpoint over how the EU’s digital-identity stack should treat platform independence, open-source software, and user autonomy. The decision sets a precedent: whether Europe’s identity infrastructure is built on open, verifiable standards, or whether ‘prove you are a real person on a real phone’ quietly becomes ‘prove you use an approved corporate operating system.’
Read the full article
Continue reading at Hacker News →This is an AI-generated summary. Read the original for the full story.