Comment by ibbtown
13 hours ago
Why is a trusted device chain needed? It will put more trust in the potential Chinese device maker and American software companies than the user whose ID is shown?
Simply because the law was written that way. But also the whole idea of identity verification becomes pretty useless, if there is no chain of trust. You could run a modified client that lets you assume any identity you choose, exactly the opposite of what eIDAS is trying to achieve.
> You could run a modified client that lets you assume any identity you choose
Provided you know the secret key to a government-issued certificate. Making it impossible to copy said certificate is not really a requirement for identity verification.
Some countries fixed it already, see Estonian or Polish IDs with a digital layer (performing signing, authentication, etc.), and the devices only acting as untrusted interfaces to these.
But you can run a modified client already.
Rooted, wildly insecure devices can pass the attestation easily: https://magisk.dev/modules/play-integrity-fix-inject/
Safe, updated devices cannot unless they permit Google to run their surveillance services in the privileged, unconstrained mode.
The documentation actually reveals why this will most likely not work, given you are an expert on mobile security.
Who wrote that law and why, this is the question.
I think we need some fingerpointing that EU officials strive to avoid.
It will likely display something like a QR Code with signature anyways, otherwise it's just a glorified passport picture?
Authorities/anyone could verify that it's not counterfeit. And the photo should be checked anyways to match the person.
So I also don't see the need for attestation. For ID check it should be ok without. For signing stuff ofc it is not resistant to copying. But EID smartcard function already exists.
This is necessary because the wallets contain an identity proofing functionality called PID (Person Identification Data). Showing these credentials basically approves you are you. There are high requirements for identity proofing that even pre-date wallets and that makes sense, because the potential blast radius of identity theft is huge. Historically, these have been secured in smartcards, like eID cards or passports, and are now shifting to the smartphone. Verifying the security posture of your device and app is therefore crucial.
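The relying-party check the comment above describes (a wallet backend evaluating a device/app integrity verdict before it accepts a PID presentation from that app), as an added example that is not part of this thread and not any wallet's or Google's own code. The field names follow the documented Play Integrity verdict format; the payload, package name, signing-certificate digest, nonce and timestamps are constructed for the example. It assumes the token has already been decrypted and signature-checked (Google's decode endpoint or local decryption does that), so only the policy over the decrypted fields is shown. Note what it can and cannot tell you, which is the point the thread is arguing about: the verdict reports labels produced by Google's services on the device, so a device that spoofs those services, as the Magisk module linked earlier does, yields the same labels as a clean one. The check below is therefore required by the policy the comment describes, but it is not evidence that the device is actually secure.

```python
import time

# Constructed sample of a decrypted integrity verdict (NOT a real token).
# Field names mirror the documented Play Integrity verdict; values are made up.
SAMPLE_VERDICT = {
    "requestDetails": {
        "requestPackageName": "eu.example.wallet",   # hypothetical package
        "nonce": "c2VydmVyLWlzc3VlZC1ub25jZS0x",       # echoed from our request
        "timestampMillis": "1700000000000",
    },
    "appIntegrity": {
        "appRecognitionVerdict": "PLAY_RECOGNIZED",
        "packageName": "eu.example.wallet",
        "certificateSha256Digest": ["6a6a1474b5cbbb2b1aa57e0bc3"],  # made-up digest
        "versionCode": "42",
    },
    "deviceIntegrity": {
        # A rooted device with a spoofing module can return exactly these labels.
        "deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY", "MEETS_BASIC_INTEGRITY"],
    },
    "accountDetails": {"appLicensingVerdict": "LICENSED"},
}

# Assumed relying-party configuration (hypothetical values).
EXPECTED_PACKAGE = "eu.example.wallet"
ALLOWED_CERT_DIGESTS = {"6a6a1474b5cbbb2b1aa57e0bc3"}
MAX_VERDICT_AGE_MS = 5 * 60 * 1000


def evaluate_verdict(payload, expected_nonce, expected_package=EXPECTED_PACKAGE,
                     allowed_cert_digests=ALLOWED_CERT_DIGESTS, now_ms=None,
                     max_age_ms=MAX_VERDICT_AGE_MS, require_strong=False):
    """Apply relying-party policy to a decrypted verdict.

    Returns (accepted, reasons). Every failed check is recorded so a log line
    explains *why* a presentation was refused, not just that it was.
    """
    reasons = []
    now = int(time.time() * 1000) if now_ms is None else now_ms

    # 1. Binding: the verdict must answer *our* challenge, for *our* app.
    rd = payload.get("requestDetails", {})
    if rd.get("nonce") != expected_nonce:
        reasons.append("nonce mismatch")           # replay or cross-session token
    if rd.get("requestPackageName") != expected_package:
        reasons.append("request package mismatch")

    # 2. Freshness: reject stale tokens and ones "from the future" (clock skew cap).
    ts = int(rd.get("timestampMillis", "0"))
    if now - ts > max_age_ms or ts > now + 60_000:
        reasons.append("verdict stale")

    # 3. App identity: Play-recognized build, expected package, allow-listed signer.
    ai = payload.get("appIntegrity", {})
    if ai.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        reasons.append("app not recognized")      # modified/resigned client
    if ai.get("packageName") != expected_package:
        reasons.append("app package mismatch")
    if not set(ai.get("certificateSha256Digest", [])) & set(allowed_cert_digests):
        reasons.append("signing cert not allow-listed")

    # 4. Device posture, as *reported* by Google's services on the device.
    labels = set(payload.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", []))
    needed = "MEETS_STRONG_INTEGRITY" if require_strong else "MEETS_DEVICE_INTEGRITY"
    if needed not in labels:
        reasons.append(f"device lacks {needed}")

    return (not reasons, reasons)


if __name__ == "__main__":
    now = 1_700_000_100_000  # 100 s after the constructed timestamp
    print(evaluate_verdict(SAMPLE_VERDICT, "c2VydmVyLWlzc3VlZC1ub25jZS0x", now_ms=now))
    print(evaluate_verdict(SAMPLE_VERDICT, "some-other-nonce", now_ms=now))
    print(evaluate_verdict(SAMPLE_VERDICT, "c2VydmVyLWlzc3VlZC1ub25jZS0x",
                           now_ms=now, require_strong=True))
```

The nonce check is what prevents a valid verdict captured from one session from being replayed into another; the signer allow-list is what a "modified client" fails unless it is signed with the original key. Raising `require_strong` to demand `MEETS_STRONG_INTEGRITY` (hardware-backed, recent security patch) would exclude the sample device, which matches the complaint later in the thread that older but "certified" devices pass while up-to-date de-Googled ones do not.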
OK, but Google will happily confirm an Android device running Oreo is safe.
While it's dramatically worse than devices Google refuses to certify (i.e. those not running their spyware as privileged services).
What do you mean "shifting to smartphone"? It's not a natural process - it's a technical decision to shift them to the smartphone, and a really bad one. We already have smart cards, they work and do not depend on any corporations, even less foreign corporations.
We even have smartcards with e-ink displays and I'd personally want them to succeed here instead of moving security-critical apps to smartphones..
Because Google then abuses its position to inject unremovable spyware with elevated privileges into the phone which the user then can't defend against without making the phone "unsecure" and thus unsuitable for these apps.
If these apps really need a smartphone, I'd at least want it to be free of ad-related garbage in the system. I'm fine with not being able to flash a custom ROM on the smartcard as it doesn't contain hostile software.
Now if even Apple starts showing ads, there's no other choice but to resist this..