European digital ID wallets rely on safety services of Google and Apple
Reliance on Google/Apple and EU “Digital Sovereignty”
- Many see tying EUDI wallets to Google Play Integrity / Apple attestation as contradicting EU claims of digital sovereignty.
- Critics argue this effectively hands a core state function (ID and access to services) to two US corporations and, indirectly, the US government.
- Some note the EU legally forbids requiring smartphones, but fear non-digital fallbacks will be slow, inferior, or de‑facto unusable.
Remote Attestation and Security Model
- Core technical objection: wallet security relying on OS-level remote attestation lets platform vendors decide which OSes are “legitimate.”
- Opponents consider this inherently user-hostile and a tool for lock‑in and future backdoors.
- Others argue attestation can be useful (e.g., banking, anti‑fraud) but admit it’s routinely used as a hard binary, not a nuanced risk control.
Impact on Alternative OS and Digital Inclusion
- Users of GrapheneOS, AOSP forks, e/OS, Sailfish, Linux phones, etc. report or expect exclusion when apps demand Google/Apple attestation.
- Some call for lawsuits, DMA complaints, and coordinated user pressure on app providers.
- Concern that people without smartphones—or who reject Big Tech TOS—will be effectively shut out of services.
Regulation, Monopolies, and Politics
- Debate over whether regulation tends to entrench incumbents by raising compliance costs, versus being the only realistic way to curb monopolies.
- Several see this as a classic case of regulatory capture benefiting large US tech firms; others blame inertia, incompetence, or lack of EU funding for alternatives.
Proposed Alternatives and Design Critiques
- Suggestions include:
- EU-controlled attestation separate from Google/Apple.
- Mandatory support for smartcards and hardware tokens.
- Local-first, open protocols where government signs credentials and any client can selectively disclose attributes (e.g., “over 18”) without full tracking.
- Some criticize OpenID4VP/EUDI design as over‑complex, non‑anonymous, and verifier‑phone‑home centric.
Broader Civil Liberties and Surveillance Fears
- Many view digital ID, age verification, and chat‑control pushes as part of a coordinated trend to eliminate anonymity and expand state/corporate control.
- Worries include debanking, exclusion from society, and fine‑grained tracking of what citizens access, buy, and view.