EU digital wallet age verification—want to link it to Google or Apple? Developers swarm GitHub, calling it a privacy nightmare

The EU Digital Identity Wallet’s age verification mechanism is being planned to be tied to Google Play Integrity and Apple App Attestation. The official GitHub discussion has drawn nearly 300 opposition comments, and developers have blasted the move as violating the interoperability principle that the specification itself sets out.
(Background: The EU issues a tough warning to Apple: if it doesn’t open up the iOS system, the heaviest penalty could be 20% of global revenue)
(Additional context: Europe has teamed up to launch a COVID-19 digital contact-tracing platform, but reports say the decentralized protocol “DP3T” was quietly removed)

Table of contents

Toggle

  • What commenters are upset about: both sovereignty and open standards fall short
  • Security researchers crack an App PIN in 2 minutes
  • Each country takes its own path: the Netherlands and Italy fully accept it, while Switzerland calls it off

The age verification specification for the digital identity wallet pushed by the EU (EU Digital Identity Wallet) is planning to bind the entire set of app and device authenticity verification checks into the Google Play Integrity API and Apple App Attestation. The moment the news broke, the official GitHub discussion thread was instantly flooded, and the developer community was almost unanimous in saying “don’t.”

This discussion thread, titled “Do not add Google Play Integrity integration,” was started by developer TheLastProject. The common demands in most comments are simple: age verification should not be locked to the proprietary services of two U.S. tech giants.

What commenters are upset about: both sovereignty and open standards fall short

Opponents’ first point of attack is the Netherlands identity app “Yivi” (formerly IRMA). This app has long been able to complete age verification without relying on Google services at all. It can even be listed on the open-source app store F-Droid—directly proving that Play Integrity integration is not a technical necessity.

The second point is that the specification contradicts itself. The EU digital identity wallet specification lays out three key principles; requiring binding to Google and Apple’s private verification services effectively violates both the “interoperability” and “open standards” items at the same time. Developers question how a specification that touts openness could end up recognizing only two U.S. companies.

The third point is digital sovereignty. Many comments emphasize that government services should not rely on third-party external services. With every additional layer of dependency comes an entire new set of potential cybersecurity risks. If Google or Apple changes policies, removes services, or suffers a systemic vulnerability, countries’ government identity verification mechanisms would be forced into a domino shutdown.

The Dutch nonprofit Waag Futurelab also joined the fight. In an article titled “European digital ID wallets are a gift to Google and Apple,” it said bluntly that these wallets rely on Google Play Integrity API and Apple’s device authentication mechanisms—effectively turning governments into executors of private companies’ platform policies. Waag also specifically pointed out that the design of the Google Play Integrity API may conflict with the EU’s Digital Markets Act (DMA), which aims to prevent large enterprises from monopolizing markets.

Security researchers crack an App PIN in 2 minutes

The threat model was also put under scrutiny. One commenter directly asked: to prevent bad actors from remotely compromising devices and stealing “adult” proofs to browse adult websites, is it really worth tying the whole system to hardware-based authentication? Others also questioned why age verification has to be made impossible without a native app; modern web apps paired with the Digital Credentials API can achieve the same outcome.

The doubts are not unfounded. A security researcher’s test found that on Android devices, by editing a plain-text preferences configuration file—deleting the encrypted PIN entry, and turning off the biometric boolean—within less than 2 minutes you can reset the App PIN, disable biometric login, and still fully extract the stored credentials; another researcher reproduced the issue and documented more problems, including that personal data is stored unencrypted.

The exclusivity imposed by the requirement has also drawn objections. Developers noted that users who do not install Google or Apple software—and people using de-Googled systems such as GrapheneOS and e/OS—would likely be excluded directly from digital identity services. Italy’s Italian Wallet has also been cited repeatedly as a cautionary example from the past, when there was a case involving a Play Integrity integration mishap.

Each country takes its own path: the Netherlands and Italy fully accept it, while Switzerland calls it off

Government stances vary across countries. The Netherlands and Italy currently adopt Google Play Integrity unconditionally, while Switzerland, citing considerations such as data protection, data sovereignty, and user choice freedom, switched to the authentication mechanisms built into Android and effectively gave up Play Integrity.

Suppliers also stepped in to put out the fire. Scytales, the age verification app provider, said that the integrity checks in its EU age verification app do not rely on Google or Apple. The open-source camp also proposed alternatives. One is “Unified Attestation,” initiated by Volla Systeme GmbH, which focuses on short-lived integrated attestation tokens and offline verification and can coexist with Play Integrity—an approach some commenters see as a compromise solution.

Multiple people who claim to work in cybersecurity said in the discussion that this is a “privacy and cybersecurity nightmare.” There are also more radical voices that argue outright against any online age verification or identity-checking system. But one thing is certain: the EU Digital Identity Wallet specification-making process has long been viewed as a global template. Once Google Play Integrity integration is finalized, it may become a fait accompli that other countries use as a reference. This protest is likely just the beginning.

AAPL4.10%
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned