|
|
Subscribe / Log in / New account

Attestation requirements

Attestation requirements

Posted Jul 24, 2025 22:39 UTC (Thu) by pabs (subscriber, #43278)
Parent article: Graphene OS: a security-enhanced Android build

Attestation requirements seem like an anti-competitive action to me, I wonder if they are illegal under anti-trust law in some countries?

to post comments

f-droid

Posted Jul 25, 2025 4:37 UTC (Fri) by achak (subscriber, #178511) [Link]

GOS is like a swiss-army-knife for android, it is highly configurable for many use cases and still can be secure and private at certain degrees, no need for another marketplace to deliver and update apps; another f-droid repository could do the job.

Attestation requirements

Posted Jul 26, 2025 13:06 UTC (Sat) by kleptog (subscriber, #1183) [Link] (2 responses)

> Attestation requirements seem like an anti-competitive action to me, I wonder if they are illegal under anti-trust law in some countries?

They probably probably could be, if they were used that way.

Like how DVD region coding was labelled anti-competitive in Australia because its primary effect was to make the majority of DVD content unavailable to Australians.

So, if it turned out that a lot of popular apps started using attestation for inappropriate reasons, you might get some regulatory attention. But the current state I don't think there's likely to be a problem.

Attestation requirements

Posted Jul 28, 2025 13:17 UTC (Mon) by pabs (subscriber, #43278) [Link] (1 responses)

Would the EU requiring Google Android for their age verification app count?

https://github.com/eu-digital-identity-wallet/av-app-andr...
https://old.reddit.com/r/degoogle/comments/1mau7yl/eu_age...
https://news.ycombinator.com/item?id=44705240

Similarly the govt id apps of many countries have the same issue:

https://grapheneos.org/articles/attestation-compatibility...

Attestation requirements

Posted Jul 29, 2025 12:36 UTC (Tue) by kleptog (subscriber, #1183) [Link]

That's an interesting question. In this specific context, probably not. There is no market for government services, hence it cannot be anti-competitive. Any issues would fall in the scope of accessibility or fairness of government actions.

Governments create markets. Distorting markets is their job. They destroy the market for assassination while creating the markets for digital goods.

The discussion about such apps requiring Google Android is an important one, but seems to be missing the point. Complaining "the EU is forcing us to use Google" is not a useful action. People need to be proposing viable alternatives. Perhaps working out what it would take for Google to sign Graphene OS. Or perhaps providing an alternate attestation API that would allow a national government to attest the security instead of Google.

People need to work the problem, not complain about the solution. The issue here is: how can someone prove they are over 18 without requiring them to submit their entire government ID with all their personal information. Continuing the current practice of sending copies of your passport/ID card/drivers license everywhere is viable, but (I hope you agree) not optimal.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds