European Digital ID Wallets Integrate Google and Apple Safety Services, Raising Sovereignty Concerns

European governments are advancing digital identity wallet initiatives, intending to streamline access to public services and online age verification for citizens. However, a critical issue has emerged: these wallets are being built upon proprietary safety services from tech giants like Google and Apple, specifically Google Play Integrity API and Apple’s Managed Device Attestation. This integration, while intended to ensure app integrity, risks embedding private corporate control into essential public infrastructure and undermining the EU's stated goals of digital sovereignty and open interoperability. It raises significant questions about vendor lock-in and the future accessibility of crucial government services.

What happened

European member states are developing digital identity wallets, designed to provide citizens with secure access to government services and online age verification. Reports indicate that many of these wallet implementations, including those in the Netherlands and Italy, rely on "remote attestation" safety services such as Google Play Integrity API and Apple’s Managed Device Attestation. These services verify that an application is running on an untampered, genuine device, ostensibly to prevent fraud and abuse.

The concern arises because Google's Play Integrity API, while offered as a free security tool, also reinforces Google's control over the Android ecosystem. It checks if an app runs on a Google-licensed Android device and if it was installed via the Google Play Store, effectively treating unlicensed Android alternatives as potential security risks. This mechanism can exclude users of de-Googled operating systems like e/OS and GrapheneOS from accessing critical public services via their digital ID wallets, despite the availability of more open alternatives like Android's Hardware Attestation API.

Why it matters

This architectural choice carries significant implications for digital public infrastructure and European digital sovereignty. By integrating these proprietary services, governments risk creating a de facto monopoly where access to essential public services becomes contingent on adherence to private companies' platform policies. This directly contradicts the EU's stated ambition to foster open, inclusive, and interoperable digital systems and to challenge the dominance of big tech.

The reliance on Google and Apple's attestation services transforms governments into enforcers of private platform policies, forcing citizens who prioritize privacy or technological autonomy to either compromise their choices or lose access to crucial identity services. This vendor lock-in undermines the principle that public infrastructure should be universally accessible and free from corporate gatekeepers, making alternative operating systems less viable for users if they cannot access fundamental government applications.

How to think about it

Developers and policymakers should critically evaluate the long-term implications of embedding proprietary platform services into public infrastructure. When designing systems for universal access, priority must be given to open standards and vendor-neutral solutions that ensure interoperability and prevent exclusionary practices. Exploring and adopting open-source alternatives, such as Android's native Hardware Attestation API instead of Google Play Integrity, can provide robust security without compromising public values or fostering private monopolies. The goal should be to build resilient, accessible digital public infrastructure that serves all citizens, regardless of their chosen device ecosystem, upholding principles of technological sovereignty and user autonomy.

FAQ