68 comments

[ 2.7 ms ] story [ 64.9 ms ] thread
So what was the point of putting a crypto chip into every ID if you are gonna try and reinvent the entire trusted environment in the fucking smartphone?
Is the link broken for anyone else? I'm getting ERR_CONNECTION_CLOSED.
That sounds like a very smart move at the time where Europe realize the US isn't such a gray partner and it's trying to reduce it's critical dependencies on foreign nations tech and infra. Good job. I'm actually very surprised to see this from the germans who have this reputation of great engineering culture
Can anyone point me to where in the MDVN page it mentions requiring Apple and Google account? Thanks
Mastodon thread on this topic: https://mastodon.social/@pojntfx/116345677794218793

See also this issue from 2025 where the developers responded: https://gitlab.opencode.de/bmi/eudi-wallet/wallet-developmen...

AFAICT, there is no mention of an Apple or Google account being required in general - the documentation just lists "signals" that are used to securely authenticate a person - such as Google's/Apple's security ecosystems. I am not sure what this means in practice. Can anybody with deeper understanding explain the actual implications and possible outcomes?

(Note: BMI is the German Federal Ministry for the Interior)

> threats:

> unknown system image (e.g. custom ROM)

Oh no, what a horrible crime, somebody dared to modify operating system on their own device..

The title is misleading.

App attestation does not require an Apple account nor a google account. For Android, it does limit the ROMs to Google certified ones and requires GMS to be installed if Play Integrity is used. An alternative option, would be to use the Hardware Attestation API directly, GrapheneOS would be thanking you.

I've spent a good amount of time implementing exactly this type of system for a backup service.

his document specifies a way to cryptographically attest the integrity of a HTTP request hitting a server.

The attestation proves the request came from a device and attest the legitimacy of the bootloader, OS and app.

Google and Apple are in a privileged position to be able to bypass the app attestation though, so depending on the threat model, it's not bulletproof.

edit: Play Integrity could the worst offender here, as it can be leveraged to force a user to have installed the app through the Play Store. Indirectly, requiring a Google account.

All these requirements for specific hardware and software are ridiculous. Let every citizen use whatever computer they want. It should be up to the user to secure themselves. Authentication should only require a password or a key pair. If the user wants more security, they can set up TOTP or buy a security dongle or something.

It's also ridiculous how it seems we've forgotten computers other than smartphones exist and that not everyone even has a smartphone, let alone with an Apple or Google account.

I am shocked that there isn’t more opposition from the general public to policies like this that erode privacy and freedom. I am a parent and can appreciate the need to control what children do on the internet, but at some point parents need to parent. I fear we’re giving up a lot of freedom and adding unneeded complexity under the guise of keeping children safe.
Isn’t eIDAS about voluntarily authenticating rather than being controlled/monitored? Or am I mixing up?
Does this mean sanctioned individuals, such as those in the International Criminal Court, would be unable to access eIDAS, among other things? As it requires, from my understanding, installing app(s) from the play store, thus requiring an account there and being able to access it, which isn't happening if you're among those or really, in any group that might get the same treatment in the future.
That headline doesn't match the article at all. Can someone elaborate/confirm this really is the case?
So much for Europe to decouple from orange-man country ...

It is so clear how lobbyists operate here. I'd call it undermining national sovereignty.

The Danish MitId also only runs on Google and Apple devices. No alternative phone platforms are supported including open source Android.

If you don’t have an iPhone or an android, you can get a physical one time password device.

Same in Switzerland. The app needed to sign in to fill out my taxes doesn't work on ungoogled Android.
So much about digital sovereignty
What if you „lose“ your google / apple account, like this sanctioned judge of the international criminal court? Crazy to imagine that we are still baking in dependency on US providers in european societies, even though there is clear indications we should be doing the opposite?
Maybe it will be time to have a critical device around, that does not rely on Apple/google and has stuff like eID and other critical digital documents. But this is going to be annoying, carrying two devices. Maybe easier to keep the paper version as backup for such a case.
I'm not quite sure if the German implementation is possible without mobile devices (couldn't find anything on that at first glance). the Austrian implementation on the other hand does not require a mobile device, if you want to do it on a pc you just need a fido2 token
In context of eIDAS, your phone starts to be used for much more sensitive matters than typing comments or even logging in to your bank. The repercussions from having a secretly patched bootloader can involve another person assuming your identity, including for large B2B transactions.

Requiring citizens to have (buy) some device to simply prove they are who they are seems hostile and dystopian to me. Some say it’s the future; I’m not convinced.

However, if you were to allow me to use my pocket computer (and nothing else) to prove I am who I say I am, you would want to trust that I am not pretending to be somebody else after extracting private keys from their phone or whatnot. I.e., you would want to require some sort of trusted computing.

Currently, that seems to only be provided by closed ecosystem phones.

Even still, I think it’s a mistake to be rolling out eIDAS as a mobile app first. The specification allows for this to be a dedicated hardware key (maybe even something YubiKey-like, and the EU already requires all phone manufacturers to have USB-C), so why not start with that.

I attestation should be abolished altogether. An app should have absolutely no way of knowing what kind of device it’s running on or what changes the user has made to the system. It is up to each individual to ensure the security of their own device. App developers should do no more than offer recommendations. If someone wants to use GrapheneOS, root their device (not recommended), or run the whole thing in an emulator, a homemade compatibility layer under Linux, or a custom port for MS-DOS, that should be possible.
It makes no sense. eIDAS 2.0 specs don't require specific hardware [0]. They basically store verifiable credentials [1] and any other cryptographically signed attestations.

This feels like laziness from German implementers, as they don't want to (quoting the spec literally) "implement a mechanism allowing the User to verify the authenticity of the Wallet Unit".

0: https://eudi.dev/latest/architecture-and-reference-framework...

1: https://eudi.dev/latest/architecture-and-reference-framework...

Europe needs a private European identity provider. Until this happens, Europe will remain a technological vassal state of the US.

These are expensive products, you need depth of expertise and experience to create a system that could compete with the likes of gmail and Microsoft and ... so it's not a wonder that this hasn't happened yet. But pretending like this can be a public service is foolish (too high stakes ~~if~~ when it gets hacked), and pretending like existing providers that offer identity and email are sufficient is equally foolish. Google and ms and apple etc all offer the basics for free, and this is necessary for mass adoption. It will be an expensive project. But necessary, if the eu wants strategic autonomy.

---

Oh and requiring a us based account is not even the most egregious part of this proposal, ffs

Self Sovereign Identity (aka SSI) is the only way out of those identity sovereignty issues. It shouldn't be acceptable that your identity depends on anything or anyone. It should just be your identity.

A paper or certificate can prove an entity trusts your identity to be <firstname, lastname, etc...> but that shouldn't be your identity.

You just are. Not your google Id, not your Apple Id either of course.

Governments are lame.

ISO7816 (smartcard) has existed for nearly 4 decades as the standard secure identity card, widely used by the banking industry among others. Very unintrusive and not hostile beyond needing to carry a little chip. If governments want a national ID, they could just give everyone one of those.
There are even projects of compartmentalized applications, where the same card is used for several independent purposes.