192
EU age verification app to ban any Android system not licensed by Google (www.reddit.com)
submitted 1 week ago* (last edited 1 week ago) by Gsus4@mander.xyz to c/technology@lemmy.world
72 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[-] artyom@piefed.social 149 points 1 week ago* (last edited 1 week ago)

Please don't link to Reddit. Context below:

The EU is currently developing a whitelabel app to perform privacy-preserving (at least in theory) age verification to be adopted and personalized in the coming months by member states. The app is open source and available here: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui.

Problem is, the app is planning to include remote attestation feature to verify the integrity of the app: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui?tab=readme-ov-file#disclaimer. This is supposed to provide assurance to the age verification service that the app being used is authentic and running on a genuine operating system. Genuine in the case of Android means:

  • The operating system was licensed by Google

  • The app was downloaded from the Play Store (thus requiring a Google account)

  • Device security checks have passed

While there is value to verify device security, this strongly ties the app to many Google properties and services, because those checks won't pass on an aftermarket Android OS, even those which increase security significantly like GrapheneOS, because the app plans to use Google "Play Integrity", which only allows Google licensed systems instead of the standard Android attestation feature to verify systems.

This also means that even though you can compile the app, you won't be able to use it, because it won't come from the Play Store and thus the age verification service will reject it.

The issue has been raised here https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui/issues/10 but no response from team members as of now.

[-] dubyakay@lemmy.ca 33 points 1 week ago

So is there a way to apply pressure on the EU to think this through first? Surely they could have different ways that doesn't lock them in to google services.

[-] artyom@piefed.social 29 points 1 week ago

According to the users in that issue, the mere application of the API is illegal, as is the dependency. Sooo I dunno what kind of PACs there are in the EU but I would be leaning on and contributing to those.

[-] ggtdbz@lemmy.dbzer0.com 9 points 1 week ago

I do feel like that’s a precarious state to leave this in, especially if they’re developing the backend for it.

Is there even enough momentum for a SKG-style wave of coverage? It would need to be justified properly by citing things like the Tea app data leak, to make a strong case (to political pencil pushers) for the danger of tying personal information to profiles or even to platforms. Otherwise the only thing they’ll see is “gamers want to make porn accessible to children”.

I don’t know. This whole situation boils my blood because I really care about online anonymity, and this is kind of nightmare scenario shit for me. I’m not even in the UK or EU.

[-] iii@mander.xyz 5 points 1 week ago* (last edited 1 week ago)

To avoid people from simply copying the "age proof" and having others reuse it, a nonce/private key combo is needed. To protect that key a DRM style locked down device is necessary. Conveniently removing your ability to know what your device is doing, just a "trust us".

Seeing the EU doesn't make any popular hardware, their plan will always rely on either Asian or US manufacturers.

load more comments (14 replies)
[-] Appoxo@lemmy.dbzer0.com 2 points 1 week ago

Wouldnt it be enough to verify through IMEI to make sure the OS isnt emulated?

[-] UnfortunateShort@lemmy.world 72 points 1 week ago* (last edited 1 week ago)

Yeah no. Requiring anything Google for something as basic as this violates the GDPR. If they go through with this, it's one legal case until they have to revise it.

Edit: German eID works on any Android btw., flawless actually. I sure hope I can use that for verification

[-] SaharaMaleikuhm@feddit.org 14 points 1 week ago* (last edited 1 week ago)

Yes and the PC app you connect the Android app to also works on Linux. It's even on flathub. Pretty nice, can't complain.

[-] gian@lemmy.grys.it 10 points 1 week ago

Edit: German eID works on any Android btw., flawless actually. I sure hope I can use that for verification

Same in Italy... I mean, I can pay taxes with that application but I cannot be verified for my age ? Seriously EU ?

load more comments (1 replies)
[-] boonhet@sopuli.xyz 9 points 1 week ago

EID and equivalents are great for a lot of things, but do you want your porn site to know who you are? The new app is supposed to verify your age but not give out your PII. Not sure eID can do that?

[-] tribut@infosec.pub 11 points 1 week ago

EID can be used for anonymous age verification. It doesn't even need to give out your birthday and can attest to any "over the age of X" requirement.

Ref: https://www.bfdi.bund.de/DE/Buerger/Inhalte/Telematik-Statistik-Verkehr-Bildung/Meldewesen-Statistik/Der_Personalausweis.html

[-] boonhet@sopuli.xyz 4 points 1 week ago

Ah, better than what we have in Estonia then

[-] Electricd@lemmybefree.net 66 points 1 week ago

Fuck the play integrity API, Play Store and Google play services

[-] iii@mander.xyz 8 points 1 week ago

And the EU for their stupid fucking censorship

[-] Electricd@lemmybefree.net 1 points 1 week ago

Sure, but it has some good sides as well

It's just a shame that they aren't just made of the good sides

[-] PushButton@lemmy.world 40 points 1 week ago

The US might have shot itself in the foot by electing Trump, but the EU is really going to shoot itself in the head if that continue in the same trajectory.

load more comments (3 replies)
[-] Blaster_M@lemmy.world 33 points 1 week ago

So, darkweb sites it is.

[-] Geth@lemmy.dbzer0.com 26 points 1 week ago

What is it with everyone being obsessed with porn censorship suddenly? Why is this a trend?

At first I thought it's about control and data gathering, but this seems like too much of a genuine attempt at such a system. Why is the government so obsessed with parenting and nannying the citizens?

[-] iii@mander.xyz 8 points 1 week ago* (last edited 1 week ago)

Why is the government so obsessed with parenting and nannying the citizens?

I think it's because people from outside the traditional political families are getting popular votes.

For the established politicians, blameing "the internet" and building a supressing censorship machine is easier than looking in the mirror and seeing where the discontent comes from.

[-] Bruncvik@lemmy.world 5 points 1 week ago

This is just my speculation, so take it as you will. The EU has been pushing for digital ID cards for quite a while, and this is just another attempt. The last serious attempt was the Covid vaccination passport, but so many people still opted for paper certs, and the rest deleted the app when vaccination was no longer mandatory, that it failed again. So, now the authorities are becoming smart and trying to go through the vector that has a proven record of driving technological change: porn.

[-] Vinstaal0@feddit.nl 3 points 1 week ago

This has been discussed a while back, at least here in NL as far as I know it started because of legalising online gambling for which you need to be identified. Also, due to GDPR, businesses aren't allowed to make copies of ID's/passports/driving licences any more which is required for certain businesses (notaries, accountants, etc). In my office we currently use some kind of identification software, but it isn't anonyms because well we wouldn't be able to do our job.

[-] Prime@lemmy.sdf.org 3 points 1 week ago

This sounds like a misunderstanding of gdpr to me?

[-] Vinstaal0@feddit.nl 1 points 1 week ago

There is a bit of a conflict between the laws requiring certain companies to identify their clients and GDPR in basis, but there is something in GDPR that allows these companies to still collect the relevant data and use it or to verify the data and not store it depending on the use case.

The whole use case thing is even the reason why companies are allowed to collect data from you. You couldn't get anything delivered if this exception wasn't there, because they wouldn't be allowed to progress your address.

At least that's what I gathered from the Dutch implementation the AVG, when I last read it a couple years ago.

[-] WhatAmLemmy@lemmy.world 2 points 1 week ago

Fascism is making a comeback, and everyone's dumb enough to believe it's an America problem, instead of a global oligarchy, class war, problem.

[-] General_Effort@lemmy.world 2 points 1 week ago

Been wondering myself. It's certainly part of the general right-ward trend. Societies are becoming more illiberal. It's not just the right that is moving to the right.

Obscenity laws have always been about enforcing the "correct" sexuality. Protecting minors meant preventing them from becoming "confused"; ie becoming LGBTQ.

You also have growing nationalism. In Europe, people are saying we should enforce "our laws" and "our values" against meddling foreigners (ie Big Tech). It often sounds a lot like the rants against the "globalists" that have been a staple among the US far right for decades. Age verification is part of that.

For example, Germany has long enforced age verification within its borders. It's part of the whole over-regulation thing that makes competitive tech companies almost impossible in Europe. For some reason, Europeans have trouble accepting that. You can see it here on Lemmy. The solution must be to enshittify everything to level the playing field.

[-] Gsus4@mander.xyz 1 points 1 week ago

Too many bots online :D I'd like to know if I'm talking to a real sockpuppet when I'm online :D...but just for that and only share data from my "wallet id" on a strict need to know basis.

load more comments (4 replies)
[-] Wolf@lemmy.today 25 points 1 week ago

What's going on with Europe lately? You all really want GOOGLE of all mega corps in control of your identity?

You're going the opposite way, it should be your right to install an alternate OS on your phone. If anything they should be banning Google licensed Android.

[-] BrightCandle@lemmy.world 10 points 1 week ago

Its not the populace, our politicians just like in the US have gone rogue. People are voting for the nutters due to anti immigration propaganda and so increasingly getting far right. Its happening across the entire western world and its bad news for everyone.

[-] dreadbeef@lemmy.dbzer0.com 1 points 1 week ago

had a hope for europe to actually be socialists, at least no one ever confuses america for being left

load more comments (1 replies)
[-] Gsus4@mander.xyz 9 points 1 week ago

I just wanted the EU to fork lineageOS and provide it as an alternative in major chains.

[-] Wolf@lemmy.today 3 points 1 week ago

I miss LineageOS so much, my last couple of phones haven't had a build of it and my asshole banking apps wont work on it now.

For my next phone i'm just not going to buy one unless it's already supported and if I have to skip online banking I'll do it.

[-] viking@infosec.pub 23 points 1 week ago

So VPN on the router permanently set to Singapore it is.

[-] ggtdbz@lemmy.dbzer0.com 7 points 1 week ago

Apparently this is illegal to implement as of right now, but it’s not helping the feeling of technological doomerism I get whenever I think about this whole identity verification situation.

[-] QueenHawlSera@sh.itjust.works 17 points 1 week ago

They killed the old net and are in the middle of murdering the new one too.

[-] a1studmuffin@aussie.zone 17 points 1 week ago

It hurt itself in its confusion!

[-] tabular@lemmy.world 6 points 1 week ago

Google Pain Services

[-] dugmeup@lemmy.world 10 points 1 week ago

Wut?!?!

[-] carrylex@lemmy.world 7 points 1 week ago

European Digital identity

looks inside:

Hosted on GitHub in the US 👏

[-] renamon_silver@lemmy.wtf 6 points 1 week ago

Why is the EU licking america's asshole?

[-] 0x0@lemmy.zip 2 points 1 week ago

'Cos it's been turning (far-)right as well in the last few years.

[-] joel_feila@lemmy.world 2 points 1 week ago

so if I use graphene os then I can't look at porn in the eu

[-] eleitl@lemmy.zip 1 points 1 week ago

Just use a VPN then.

load more comments (2 replies)
[-] cley_faye@lemmy.world 2 points 1 week ago

Well, I hope they'll pay for my "EU age verification" phone, since my own won't work. I'll gladly buy one and not use it either.

load more comments
view more: next ›
this post was submitted on 27 Jul 2025
192 points (99.5% liked)

Technology

73731 readers
1213 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws