European digital ID wallets rely on safety services of Google and Apple

Reliance on Google/Apple and EU “Digital Sovereignty”

  • Many see tying EUDI wallets to Google Play Integrity / Apple attestation as contradicting EU claims of digital sovereignty.
  • Critics argue this effectively hands a core state function (ID and access to services) to two US corporations and, indirectly, the US government.
  • Some note the EU legally forbids requiring smartphones, but fear non-digital fallbacks will be slow, inferior, or de‑facto unusable.

Remote Attestation and Security Model

  • Core technical objection: wallet security relying on OS-level remote attestation lets platform vendors decide which OSes are “legitimate.”
  • Opponents consider this inherently user-hostile and a tool for lock‑in and future backdoors.
  • Others argue attestation can be useful (e.g., banking, anti‑fraud) but admit it’s routinely used as a hard binary, not a nuanced risk control.

Impact on Alternative OS and Digital Inclusion

  • Users of GrapheneOS, AOSP forks, e/OS, Sailfish, Linux phones, etc. report or expect exclusion when apps demand Google/Apple attestation.
  • Some call for lawsuits, DMA complaints, and coordinated user pressure on app providers.
  • Concern that people without smartphones—or who reject Big Tech TOS—will be effectively shut out of services.

Regulation, Monopolies, and Politics

  • Debate over whether regulation tends to entrench incumbents by raising compliance costs, versus being the only realistic way to curb monopolies.
  • Several see this as a classic case of regulatory capture benefiting large US tech firms; others blame inertia, incompetence, or lack of EU funding for alternatives.

Proposed Alternatives and Design Critiques

  • Suggestions include:
    • EU-controlled attestation separate from Google/Apple.
    • Mandatory support for smartcards and hardware tokens.
    • Local-first, open protocols where government signs credentials and any client can selectively disclose attributes (e.g., “over 18”) without full tracking.
  • Some criticize OpenID4VP/EUDI design as over‑complex, non‑anonymous, and verifier‑phone‑home centric.

Broader Civil Liberties and Surveillance Fears

  • Many view digital ID, age verification, and chat‑control pushes as part of a coordinated trend to eliminate anonymity and expand state/corporate control.
  • Worries include debanking, exclusion from society, and fine‑grained tracking of what citizens access, buy, and view.