EU Digital ID Wallets Risk Strengthening Google and Apple Control
Original: European digital ID wallets are a gift to Google and Apple
Why This Matters
Digital ID wallets are critical public infrastructure; vendor lock-in threatens digital autonomy and contradicts EU regulatory objectives for interoperability and market competition.
European governments rolling out digital identity wallets rely on Google Play Integrity API and Apple's Managed Device Attestation for security, creating dependency on private companies and excluding users of alternative operating systems like e/OS and GrapheneOS from critical public services.
European member states are deploying digital identity wallets for citizen access to government services and age verification, but these systems depend on proprietary security services from Google and Apple. Google Play Integrity API and Apple's Managed Device Attestation use "remote attestation" to verify hardware integrity. However, these services enforce vendor ecosystem policies beyond security. Google's Play Integrity API checks whether devices run Google-licensed Android versions and treats unlicensed alternatives as security risks. It uses the Google Play Store as the source of truth, requiring Google account sign-in and Play Store installation. According to analysis by Follow the Money and Android Authority, this constitutes a violation of the EU's Digital Markets Act. The Netherlands and Italy have already implemented Play Integrity in their wallet systems, effectively excluding users of de-Googled operating systems. An alternative exists: Android's Hardware Attestation API provides hardware-based security without enforcing ecosystem policies. By embedding proprietary services into public digital infrastructure, EU governments risk reinforcing private tech monopolies while excluding citizens who choose alternative operating systems, contradicting the EU's stated goals of openness, inclusivity, and technological sovereignty in public services.