432
The new age verifying app for the EU will only accept Google Play integrity for Android, de-facto banning any aftermarket OS like GrapheneOS (github.com)
submitted 4 days ago by schizoidman@lemmy.zip to c/privacy@lemmy.ml
39 comments fedilink hide all child comments

cross-posted from: https://sh.itjust.works/post/42943610

Taken from the readme of the app on github:

The current release provides only basic functionality, with several key features to be introduced in future versions, including:

App and device verification based on Google Play Integrity API and Apple App Attestation

Additional issuance methods beyond the currently implemented eID based method.

These planned features align with the requirements and methods described in the Age Verification Profile.

There is an issue opened to remove this as it's basically telling us that to verify our age in the EU an American corporation has the last word, making it not only a privacy nightmare but a de-facto monopoly on the phone market that will leave out of the verification checks even the fairphone (european) with /e/os.

you are viewing a single comment's thread
view the rest of the comments
[-] utopiah@lemmy.ml 26 points 4 days ago

I agree with most concerns here but as a professional prototypist... people do not seem to understand here and on related issues what "reference implementation" means.

This is NOT supposed to be used! By anybody! This is basically a technical demonstration that shows how it can be done at all.

Think of this as a test suite rather than software proper.

Again, this does not mean it's OK to even suggest that Google and Apple are in any way acceptable bottleneck. I do believe those are terrible choices. I do also believe relying on them just to do a proof of concept or technical demonstration is quite "lazy" but I also bet that this was necessary due to the scope of the project, e.g. "deliver us an app that works in 6 months on an average mobile phone". I really don't think they had discussion on accessibility, inclusion, etc.

So... yes, do keep track and be concerned but also don't conflate a proof of concept with a maintained app that will be required to be used on all EU citizen mobile phones next year.

[-] xthexder@l.sw0.com 15 points 4 days ago

There's a big difference between a reference implementation and a proof of concept. A proof of concept just shows it's possible at all, but a reference implementation is meant as a reference for "you should do it this way". Expect most companies to just directly copy the reference because they'll feel it's a waste of time developing their own system that's in compliance.

[-] ell1e@leminal.space 13 points 4 days ago* (last edited 4 days ago)

This is definitely going to be copy&pasted as a foundation in many EU states. Therefore, that it requires Android and iOS at all, let alone Google Play, is a fundamental error. Some people avoid smartphones for good reasons, yet still access parts of the internet that may apparently soon be gatekept by this new age verification mechanism. Also see here.

load more comments (1 replies)
load more comments (1 replies)
this post was submitted on 28 Jul 2025
432 points (99.5% liked)

Privacy

40374 readers
560 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz