The EU is currently developing a whitelabel app to perform privacy-preserving (at least in theory) age verification to be adopted and personalized in the coming months by member states. The app is open source and available here: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui.

Problem is, the app is planning to include remote attestation feature to verify the integrity of the app: https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui?tab=readme-ov-file#disclaimer. This is supposed to provide assurance to the age verification service that the app being used is authentic and running on a genuine operating system. Genuine in the case of Android means:

The operating system was licensed by Google The app was downloaded from the Play Store (thus requiring a Google account) Device security checks have passed While there is value to verify device security, this strongly ties the app to many Google properties and services, because those checks won’t pass on an aftermarket Android OS, even those which increase security significantly like GrapheneOS, because the app plans to use Google “Play Integrity”, which only allows Google licensed systems instead of the standard Android attestation feature to verify systems.

This also means that even though you can compile the app, you won’t be able to use it, because it won’t come from the Play Store and thus the age verification service will reject it.

The issue has been raised here https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui/issues/10 but no response from team members as of now.

    • antonim@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 days ago

      This is more likely to be consicous maliciousness, IMO. These programmers and lawmakers have immense resources and knowledge on their hands, I refuse to believe they were just dumb dumbs who failed to consider this problem arising.

  • tenchiken@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    11
    ·
    edit-2
    2 days ago

    I don’t know many kids that are going to be compiling or rooting … The few that are out there certainly can bypass any age filter already anyway.

    This is purely about backdoor and/or identity tracking across multiple apps.

    I’d say I’m glad to not be in the UE, but I’m sure the US will get something worse any day now.

    Edit: typing on phone sucks. Meant EU.

      • tenchiken@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 days ago

        Yup, janky typing on my part. I’d been looking at moving to Amsterdam as several of my friends have done so already.

        My brother is in Oxford, and any chance I’d have had there was nixed after brexit.

  • ariadna@programming.dev
    link
    fedilink
    English
    arrow-up
    6
    ·
    2 days ago

    Great app for tracking users and funneling EU citizens’ data straight to tech giants — love it! 😅