Comment by Luker88
7 hours ago
The EU reference for wallets strictly required google play services https://github.com/eu-digital-identity-wallet/eudi-app-andro...
So Italy's IO app https://github.com/pagopa/io-app (wallet, documents, age verification) continuously refuses the users' request for GrapheneOS support and requires google.
Nothing will change until the lawsuits start coming in.
The only hope is the Motorola/GrapheneOS collaboration and consumer associations, that might sue for anticompetitive behavior.
Make noise on any channel for the apps that require play services, it will help in the future if the lawsuits start, since it will show user support for the initiative.
The issue isn't just the technical dependency.
It's also the fact that it forces each citizen to pay a few hundred Euros to companies which then campaign against their very rights.
Citizens get no support of any kind in case of issues, and have to enter a contractual agreement which is ridiculously asymmetrical, where the company has little to no responsibility of any kind, but has very ample rights to track the other party in extremely creepy ways.
But ... the alternative is that the government actually pays a bit of money to fix the situation! To support their solutions. To actually develop them for enough devices. To secure them ... Plus the services the government made are way more invasive than the Google/Apple ones.
In addition to the money, actually using them would be hundreds of times more complex, and they don't have the provisions Google has, for example accessibility and security services (like actually stopping people stealing accounts on a large scale). All of this can be done, easily even, but it isn't. Politicians don't want to.
https://www.itsme-id.com/business/platform/identification
https://france-identite.gouv.fr/
https://english.rekenkamer.nl/latest/news/2023/03/29/digital...
I just don't buy the argument that it would be that expensive for the governments to provide certified keychain fobs that provide hardware based identification.
4 replies →
or, not force people into mandatory digital ID wallets at all.
It doesn't force them to, strictly speaking - they also have the choice to sue the government
Special-casing support for GrapheneOS would be a band-aid, they should find a way to avoid requiring remote attestation in the first place, so anyone can use whatever OS they like on whatever hardware they like.
I think there are two fights that are both worth fighting:
1. Completely outlawing remote attestation.
2. In a world where remote attestation is given, let it be controlled in a fair way and not just by Google and Apple.
The risk is that only fighting for (1) leaves you in a world with remote attestation, where only Google and Apple can decide who gets to pass and who not. In fact, that is pretty much the world we are in already.
I agree that they are both worth fighting for, but I think (2) is much easier to accomplish, simply because Play Integrity is probably a DMA violation. (IANAL blah blah)
Allowlisting GrapheneOS's AVB keys does not meaningfully achieve 2, see https://news.ycombinator.com/item?id=48732675
It would be a win for GrapheneOS users though, so I hope they do get support.
Why is attestation always bad, all the time? When two people interact there’s a trust/risk calculation on both sides. Isn’t attestation just a means of reducing risk for both parties? (We can debate who should control the attestation process and how it should work but your point 1 suggests that there is never a good form of attestation.) What would we do instead?
12 replies →
As outlined here: https://grapheneos.org/articles/attestation-compatibility-gu..., GrapheneOS isn't implementing something unique, it's implementing Android Hardware Attestation: https://developer.android.com/privacy-and-security/security-...
Android Key Attestation produces attestations that are signed with a certificate chain rooted in the hardware vendor's CA. If you use Key Attestation on GrapheneOS on a Pixel device for example, it attests that you're using GrapheneOS's AVB keys, but that attestation is still signed by a Google certificate chain.
"Adding support for GrapheneOS" means allowlisting their AVB keys specifically, it does not open a door for 3rd party implementations in general.
If you run GrapheneOS on a different device of your choosing, attestation would fail.
If you run a non-GrapheneOS custom ROM of your choosing, attestation would fail.
1 reply →
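To make the point above concrete, here is an added example (not code from GrapheneOS, Google or any wallet app) of the policy a relying party applies to an Android Key Attestation result: the certificate chain must be rooted in a hardware vendor CA it trusts, the RootOfTrust must be hardware-backed with a locked bootloader, and the verified boot key must be on the relying party's allowlist. The attestation records, CA and key identifiers are constructed, and the fields are modelled as plain Python objects rather than parsed from the X.509 attestation extension. The four cases are the ones the comment describes: stock OS, an allowlisted custom OS on the vendor's device, the same custom OS on a device from an untrusted vendor, and a non-allowlisted custom ROM.

```python
"""
Relying-party policy over an Android Key Attestation result (added example).

Constructed: the records below mirror the fields of the KeyDescription and
RootOfTrust structures in the attestation extension (OID 1.3.6.1.4.1.11129.2.1.17),
but nothing here parses DER or verifies signatures; chain verification is
assumed to have happened already and is represented by `chain_root`.
"""
from dataclasses import dataclass

# Hypothetical identifiers; a real deployment would use certificate subjects /
# SHA-256 digests of AVB public keys.
TRUSTED_VENDOR_ROOT = "ca:example-hardware-vendor-root"
OTHER_VENDOR_ROOT = "ca:example-other-vendor-root"
STOCK_OS_VBK = "vbk:stock-os"                 # key of the vendor's stock OS
ALLOWLISTED_CUSTOM_VBK = "vbk:custom-os-a"    # a custom OS the RP chose to allowlist
OTHER_CUSTOM_VBK = "vbk:custom-os-b"          # another custom ROM, not allowlisted


@dataclass(frozen=True)
class Attestation:
    chain_root: str            # root CA the attestation certificate chain ends in
    security_level: str        # "TrustedEnvironment", "StrongBox" or "Software"
    verified_boot_state: str   # "Verified", "SelfSigned", "Unverified" or "Failed"
    verified_boot_key: str     # RootOfTrust.verifiedBootKey
    device_locked: bool        # RootOfTrust.deviceLocked


@dataclass(frozen=True)
class Policy:
    trusted_roots: frozenset
    allowed_boot_keys: frozenset


def evaluate(att: Attestation, policy: Policy):
    """Return (accepted, reason). Checks are ordered from cheapest to most specific."""
    if att.chain_root not in policy.trusted_roots:
        return False, "chain not rooted in a trusted hardware vendor CA"
    if att.security_level == "Software":
        # A software-level attestation carries no hardware-backed RootOfTrust.
        return False, "attestation is not hardware-backed"
    if not att.device_locked:
        return False, "bootloader is unlocked"
    if att.verified_boot_state not in ("Verified", "SelfSigned"):
        # "Verified" = stock key; "SelfSigned" = user-set custom AVB key, locked bootloader.
        return False, f"verified boot state is {att.verified_boot_state}"
    if att.verified_boot_key not in policy.allowed_boot_keys:
        return False, "verified boot key is not allowlisted"
    return True, "accepted"


# The RP's policy after "adding support" for one custom OS: its AVB key is
# allowlisted, but only when the chain still ends in the trusted vendor root.
SAMPLE_POLICY = Policy(
    trusted_roots=frozenset({TRUSTED_VENDOR_ROOT}),
    allowed_boot_keys=frozenset({STOCK_OS_VBK, ALLOWLISTED_CUSTOM_VBK}),
)

SAMPLES = {
    "stock OS on vendor device": Attestation(
        TRUSTED_VENDOR_ROOT, "TrustedEnvironment", "Verified", STOCK_OS_VBK, True),
    "allowlisted custom OS on vendor device": Attestation(
        TRUSTED_VENDOR_ROOT, "TrustedEnvironment", "SelfSigned", ALLOWLISTED_CUSTOM_VBK, True),
    "allowlisted custom OS on other vendor's device": Attestation(
        OTHER_VENDOR_ROOT, "TrustedEnvironment", "SelfSigned", ALLOWLISTED_CUSTOM_VBK, True),
    "other custom ROM on vendor device": Attestation(
        TRUSTED_VENDOR_ROOT, "TrustedEnvironment", "SelfSigned", OTHER_CUSTOM_VBK, True),
    "allowlisted custom OS, bootloader left unlocked": Attestation(
        TRUSTED_VENDOR_ROOT, "TrustedEnvironment", "Unverified", ALLOWLISTED_CUSTOM_VBK, False),
}


def run_samples(policy: Policy = SAMPLE_POLICY) -> dict:
    """Evaluate every constructed sample; returns {name: (accepted, reason)}."""
    return {name: evaluate(att, policy) for name, att in SAMPLES.items()}


if __name__ == "__main__":
    for name, (ok, reason) in run_samples().items():
        print(f"{'PASS' if ok else 'FAIL':4}  {name}: {reason}")
```

Only the two records whose chain ends in the trusted vendor root and whose boot key is on the list pass; the same custom OS on another vendor's hardware and a different custom ROM on the same hardware both fail, which is why allowlisting one AVB key is a per-OS, per-vendor exception rather than an opening for third-party implementations in general.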
Agreed, it should be open standards only.
No! An open standard for remote attestation would still be remote attestation.
This only reflects their market share for now. The EU legally forbids member states from making a smartphone mandatory to access public services. The EU explicitly anticipated the danger of relying entirely on iOS and Android and designed the EUDI Wallet framework to allow for other physical form factors. For example:
1. Smart Cards (for example The Current National ID)
2. Standalone Hardware Tokens & USB Keys
> The EU legally forbids member states from making a smartphone mandatory to access public services.
Yes, I'm sure they'll still allow for mail-in of obscure forms to access public services, which will then take 3 weeks to be processed.
If the EU actually wanted to "anticipate" this danger they'd have made it mandatory to include a physical form factor in EUDI wallets. In reality, they don't mind this danger, so it's optional, and you can bet most countries won't include one and make Google and Apple the only options.
The lawsuits, sadly, won't matter. "Security" (or, rather, totalitarian control!) is more important than the 1% of nerds who care enough to tinker with their phone.
People keep framing these sorts of debates in terms of tinkering.
It's about ownership, not tinkering. It's about preventing megacorporations from having the last word about how government services can function and how people can interact with them.
It's not 1% here though... Graphene has 300k users worldwide. There's 8 million absolutely illiterate and 150 million functionally illiterate people in Europe for comparison on scale here.
>150 million functionally illiterate people in Europe
1/3 of the population functionally illiterate in Europe seems beyond wild to me.
Are you talking about technical illiteracy? security illiteracy?
Or do you mean they can't read English, which is a very different thing.
9 replies →
150 million functionally illiterate people in Europe? Just how is that defined?
3 replies →
First, GrapheneOS supports remote attestation. So if they want their security, they can have it. Second, the current focus of the EU on sovereignty is a window of opportunity and there are better opportunities to fight this than two years ago.
I think it does if enough people try this. I will.
GrapheneOS supports attestation too, so even if they succeed it will likely just turn into a gift to Google, Apple and GrapheneOS. It's hardware attestation that needs to be opposed as it's inherently user hostile, allowing a single popular Android distro doesn't do much in the grand scheme of things.
Every Android system supports remote attestation. It's part of AOSP. Google just decided not to use it, because Play Integrity allows them to lock in phone manufacturers and force them (per leaked agreements) to preinstall a bunch of Google apps and to run Play Services and some other components privileged on the system.
Play Integrity checks if the app was tampered with. Hardware attestations can only guarantee a key's source and cannot be used to check app integrity.
1 reply →
Something being in AOSP doesn't mean your distro has to retain it. Besides, the world doesn't end on Android systems.
The more the better - being forced to maintain an up-to-date list of Google competitors (including some that don't keep attestation keys secure, so the bad guys will pretend to be those and you'll be forced to allow it anyway) may make some reconsider whether the feature actually brings any value.
As a technical point, note, however, that there is no legal requirement to follow this reference. Wallet providers can choose a different implementation.
Lobbyists do not sleep. It's easy to recall how those two, especially Apple, tried to sabotage FIDO2 trying to capture the WebAuthn standards, and fortunately failed. The EU also has to learn who its inside traitors are who sabotage its great efforts in decentralization of identity, and learn to avoid those incredible situations like what is happening right now with chat control, directly lobbied by Silicon Valley surveillance vendors.
Motorola/GrapheneOS, and FairPhone/e/OS.
Fairphone/e/OS is Dutch and French respectively. It'd be funny if the EU forgot to permit the use of a pure european system.
Prepare to laugh then. Most EU politicians don't have a clue that these systems exist.
1 reply →
Yes
Oh and Sailfish OS [0], Postmarket OS [1], and whatever Purism runs [2].
[0] https://sailfishos.org/
[1] https://postmarketos.org/
[2] https://puri.sm/products/librem-5/
3 replies →
There is too much corruption, nothing can be done at this point. At least the CIE app works on Graphene for now so I can do everything else on the web. If they block that idk what I would even do.
Don't assume corruption for something that can be attributed to not giving a fuck.
I do occasionally suspect corruption, but neither Google nor Apple have any incentive to pay off officials to get this passed. They can't beat each other, and the rest of the mobile OSes are no threat to their revenue.
1 reply →
I do assume corruption. All these random "compliance laws" are not made to help the people but to preserve corporate interests.
One set of people might not give a fuck.
Other interested parties can still be trying to steer the ship.
Corruption to push it through, not giving a fuck to keep it that way.
Also, as the article says, Play Integrity is most likely a violation of the DMA. Send a message to the EU DMA Team if you live in the EU and are affected by this (or affected by this in the future, if you plan to switch to an alternative):
https://digital-markets-act.ec.europa.eu/contact-us-eu-citiz...
The more examples they get of actual citizens that get hit by this, the better. I have recently sent messages when Google introduced their new device-based reCAPTCHA and when Volkswagen started blocking GrapheneOS. Of course, do not yell; explain patiently and with good argumentation why you are affected by Play Integrity and how you believe Play Integrity is used to enforce the duopoly and goes counter to EU sovereignty.
Also, for apps that use Play Integrity, e-mail the company. React to their boilerplate replies with follow-ups (this slowly seems to get some headway with VW). Also leave a one-star review on their app, explaining in the review that they broke support for your system.
I know that this can all seem hopeless. But especially GrapheneOS is getting a lot of momentum now, rapidly gaining more users. It feels like it is a moment in time where we can seriously influence things for the better. There are ~500,000 users now. If everyone actively participates, we can move the needle.
Honestly, as long as the architecture is fatally flawed (even if convenient) it's just band-aids over a larger issue.
These mobile IDs are too powerful: signing contracts, transferring all your funds or taking loans. Regulation is also papering it over a bit by requiring high-stakes lenders, etc. to do additional checks.
Germany was going in the right direction imho, they NFC enabled their ID cards (Sweden has info on them but no enablement procedures) that is then paired with the app, so the card acts as a 2nd factor that makes the app itself less of a security issue since a user will be required to physically enable it (sadly the NFC pairings are kinda fiddly.. but I'd take that as a security option for all non-trivial transfers).
> These mobile IDs are too powerful: signing contracts, transferring all your funds or taking loans. Regulation is also papering it over a bit by requiring high-stakes lenders, etc. to do additional checks.
Many countries in the EU already have all of that done through some national equivalent system (for example here in Finland mainly with bank credentials).
And in fact additional checks are done when enough money is moving. For example when I signed my bank loan for an apartment I had to sign it again after 24 hours just to be really really sure that I wanted to sign it.
For smaller (but still big enough) stuff a second "second factor" usually kicks in, in the form of an SMS verification after the actual proper login with bank credentials (which has proper 2 factor auth in itself too).
It's great you do have a bank-bound system in Finland. I hope their implementation is not as bad as e.g. the Swedish BankID.
BankID is _in theory_ a nice technology. However, it is only handed out to people registered with the Swedish tax authorities holding a Swedish bank account.
All daily activities are nowadays bound to BankID: need a doctor's appointment? -> needs BankID; Want to buy something on Blocket? -> needs BankID.
As a European frequently spending some time in Sweden not in possession of a Swedish tax #, I feel very much excluded from online and partially offline activities in this country.
3 replies →
Again, it's all still tied to that one device, the phone, if it's hacked it's really game over and with a big enough hole in the Android or iOS ecosystem that could be wormable a lot of people could be exploited en-masse.
Sure a 24h delay or SMS code are 2 way but they fully fall into the bandaid category.
In the past we used to have disconnected dongles for banking: the bank issued a one-time challenge and you entered the response along with your username. Now there are disadvantages with those also, but at least it was fully airgapped.