hightrust.id - Another Sucker for Play Integrity API

andzhi4

Hi Everybody!
Just to add to a pile of apps that refuse to work because of the Play Integrity API.
Meet the new kid, hightrust.id: https://play.google.com/store/apps/details?id=com.megical.easyaccess&hl=en_GB

This is a recent development from a Finnish company. The app can now be used in Finland for authentication in government and healthcare services.
It is kind of a wallet where you can put your government issued id (a PGP certificate on a smartcard basically), and it can then streamline you authentication on different websites.
The thing allows you to go all the way through with adding the ID card, but refuses to work during authentication flow. Blocking play integrity access does not help.
I'll welcome any reviews and inquiries to their support (contact@hightrust.id) from anyone interested or willing to help.
Thank you

andzhi4

Just to make it more clear, they only block you when you try to actually login to some service. I.e. they have no problem with you installing and running the app, unlocking and reading your id card. Then you can set the card's authentication and signing pin codes (which are written back to the card btw) and add the card to the app's wallet.
I might be wrong, but tf the device was compromised and this particular app was targeted, wouldn't it be a game over already, since the attacker likely had enough data to clone the card and use it somewhere else?