this post was submitted on 27 Jul 2025
0 points (NaN% liked)

Technology

technology@lemmy.world
82285 readers
4556 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
0
EU age verification app to ban any Android system not licensed by Google (www.reddit.com)
submitted 7 months ago* (last edited 7 months ago) by Gsus4@mander.xyz to c/technology@lemmy.world
3 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] artyom@piefed.social 1 point 7 months ago* (last edited 7 months ago) (2 children)

Please don't link to Reddit. Context below:

The EU is currently developing a whitelabel app to perform privacy-preserving (at least in theory) age verification to be adopted and personalized in the coming months by member states. The app is open source and available here: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui.

Problem is, the app is planning to include remote attestation feature to verify the integrity of the app: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui?tab=readme-ov-file#disclaimer. This is supposed to provide assurance to the age verification service that the app being used is authentic and running on a genuine operating system. Genuine in the case of Android means:

  • The operating system was licensed by Google

  • The app was downloaded from the Play Store (thus requiring a Google account)

  • Device security checks have passed

While there is value to verify device security, this strongly ties the app to many Google properties and services, because those checks won't pass on an aftermarket Android OS, even those which increase security significantly like GrapheneOS, because the app plans to use Google "Play Integrity", which only allows Google licensed systems instead of the standard Android attestation feature to verify systems.

This also means that even though you can compile the app, you won't be able to use it, because it won't come from the Play Store and thus the age verification service will reject it.

The issue has been raised here https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui/issues/10 but no response from team members as of now.

[–] dubyakay@lemmy.ca 0 points 7 months ago (1 child)

So is there a way to apply pressure on the EU to think this through first? Surely they could have different ways that doesn't lock them in to google services.

[–] artyom@piefed.social 1 point 7 months ago

According to the users in that issue, the mere application of the API is illegal, as is the dependency. Sooo I dunno what kind of PACs there are in the EU but I would be leaning on and contributing to those.