Ya paperz pleaze
Five EU countries are set to test an age verification app to protect children online
www.techradar.com
The tech media is again doing the work of the fascists by not pointing out the rubbish they are talking:
> As the
European Commission explains on its website, the age verification blueprint enables users to prove they are over 18 "without revealing any other personal information."
>
> "It is based on open-source technology and designed to be robust, user-friendly, privacy-preserving, and fully interoperable with future European Digital Identity Wallets," the Commission explains.
It very much does not enables users to prove they are over 18 "without revealing any other personal information." It does not work unless you sign a contract with the biggest threat to personal privacy that gives them the technical and legal right to full access to your hardware. It only runs on insecure compromised systems. This should be highlighted every time this comes up.
EU age verification app to ban any Android system not licensed by Google
The EU is currently developing a whitelabel app to perform privacy-preserving (at least in theory) age verification to be adopted and personalized in the coming months by member states. The app is open source and available here:
https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui.
Problem is, the app is planning to include remote attestation feature to verify the integrity of the app:
https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui?tab=readme-ov-file#disclaimer. This is supposed to provide assurance to the age verification service that the app being used is authentic and running on a genuine operating system. Genuine in the case of Android means:
- The operating system was licensed by Google
- The app was downloaded from the Play Store (thus requiring a Google account)
- Device security checks have passed
While there is value to verify device security, this strongly ties the app to many Google properties and services, because those checks won't pass on an aftermarket Android OS, even those which increase security significantly like GrapheneOS, because the app plans to use Google "Play Integrity", which only allows Google licensed systems instead of the standard Android attestation feature to verify systems.
This also means that even though you can compile the app, you won't be able to use it, because it won't come from the Play Store and thus the age verification service will reject it.
The issue has been raised here
https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui/issues/10 but no response from team members as of now.
github.com
