EU might enforce Google Play Integrity for their Digital Wallet App

Murcielago

By Zero-Knowledge Proof:

Zero Knowledge Proofs provide a cryptographic way to not give something away, like your exact date of birth and age, while proving something about it. They can offer a “yes-or-no” claim (like above or below 18) to a verifier requiring a legal age threshold. Two properties of ZKPs are “soundness” and “zero knowledge.” Soundness is appealing to verifiers and to governments to make it hard for a prover to present forged information. Zero-Knowledge can be beneficial to the holder, because they don’t have to share explicit information, just the proof that said information exists. This is objectively more secure than uploading a picture of your ID to multiple sites or applications, but it still requires an initial ID upload process as mentioned above for activation

Source: https://www.eff.org/deeplinks/2025/04/age-verification-european-union-mini-id-wallet

ryrona

Fupira Our current implementation doesn't require any attestation at all.

I am pretty sure it does attestation, at least for the age verification functionality, just, the chip on the physical ID card is the root of the attestation instead of your phone.

Fupira Here's an amusing fact, to the best of my knowledge: German porn sites left Germany for various countries, for example some moved to Cyprus, so they don't have to comply with that law. Pretty much all porn sites are accessible without age verification in Germany as of now: "Yes, I'm 18 or above".

Viewpoint0232 How would this "is over 18? y/n" attestation work? Surely, there must a method to prevent someone just sharing his attestation key with everyone. So either the government will see on which websites you verify your age, or the website will see some kind of unique ID from you (pseudonymous, not anonymous). Either way I don't think you can remain completely anonymous?

Talking about attestation in general terms, as I don't know for Google Play Integrity works specifically.

The attestation keys are typically embedded in the secure element, so they cannot be extracted. From what I read, every batch of 1000 Pixel phones have the same attestation root key embedded, so you have an anonymity set of 1000 phones, not a unique ID. From what I read, to further improve your privacy, for each app, a brand new attestation key is generated, and then it is sent to a Google service for signing, together with an attestation from the attestation root key that it was indeed generated inside the same secure element chip. So nothing is sent to any government at all. And what is sent to the server you want to prove your age with is (whether above 18 years old so "yes" or "no", certificate with your device type eg "Pixel 7a" and public part of app unique attestation key signed by Google, an hardware generated attestation of what operating system signing keys are loaded eg GrapheneOS official signing keys and what app signing keys are loaded eg official EU Digital Wallet signing keys). This allows the server to verify that the attestation key is legitimate and trusted and for a known secure device, and then trust the information in the actual attestation thus knowing the app is loaded in a secure environment and thus unmodified and untampered with, and then they can trust the "yes"/"no" response.

So, yeah, theoretically, the server you show this attestation to could coerce Google to reveal logs over what attestation keys they signed, and then you would know for certain it was one out of a set of 1000 devices that proved their age. Otherwise, your anonymity set would be that of the device type (which can be a broader set than "Pixel 7a" such as "phone known to be secure in 2025", I don't know the detail what they use.)

Murcielago By Zero-Knowledge Proof:

Wait what?! Is that what they are doing? Okay, that is beyond what I am able to comprehend technically. So possibly even more private that doing attestation as I described above?

wonder75

graphenelover7 Me neither. Let us see how the beast will try to force us into signing up.

userofgos

ryrona Zero Knowledge Proofs would be the way to go, and I certainly hope that they choose to implement it, and do it properly.

Here's an article explaining the concept with three in-depth and illustrated examples: https://www.circularise.com/blogs/zero-knowledge-proofs-explained-in-3-examples

ryrona

userofgos Zero Knowledge Proofs would be the way to go, and I certainly hope that they choose to implement it, and do it properly.

I just remembered something. Cannot you get a blinded signature from the government on the statement that you are above 18 years old, or below 18 years old, and then simply unblind that signature before showing it to the server you want to verify your age to? Unless I misremember, that should be very easy to implement, doesn't rely on anything Zero Knowledge or other advanced crypto, and doesn't require attestation, so will leak way less information?

userofgos Here's an article explaining the concept with three in-depth and illustrated examples: https://www.circularise.com/blogs/zero-knowledge-proofs-explained-in-3-examples

The third example is definitely flawed. How would you prove to the other party you destroyed exactly three keys, without showing to them you destroying them and thus revealing which ones you destroyed?

But yeah, I have seen many such illustrative examples before, I just never understood how that can be transferred to an actual cryptographic implementation. It seems at that point, it goes from a hard to explain concept to almost impossible to understand, resorting to very advanced algorithmic modelling like circuits and.. yeah, that was the only of all the things I even knew what it was.

de0u I think the OS must be trusted as well, or else it could single-step the app until it decides "under 18" and then flip the value in RAM before it's signed. If so, they would need to trust the GrapheneOS developers ... and decide whether to trust Ca---OS or whatever is on the B--- phones.

GrapheneOS should be easy for them to trust though, since GrapheneOS keeps the original security model of Android intact. I don't know about the other two, so the general problem that this will affect "mod users" remains. Which may limit adoption.

de0u Meanwhile, if they really manage to keep 16-year-olds from porn, maybe there will be a wave of teenage pregnancies... or smoking...

Is that really what they are trying to do? Add age verification for porn sites? They don't seem to express that openly in that case, or I missed where they did that.

Because, yeah, I agree. Given how extremely successful authorities have been at eliminating child porn from the internet (I am being very sarcastic here), I think we can all agree trying to keep teens away from porn by similar regulations will be pointless. I thought the authorities would have realized that by now. But given they spend zero efforts on actual effective ways to reduce child porn consumption, to the point people by now believes there is a conspiracy, I hardly believe they are actually intending to block teens from accessing generic porn sites as much as showing the population "we are doing something about it" if this is really what they intend to use the age verification for.

But I guess time will tell.

de0u

ryrona They can of course use GrapheneOS' attestation version too, we can write a pull request if we want. They only need to attest to the server the user is running the genuine unmodified app, so the server can trust the "yes"/"no" answer, since there is no other identifying data sent.

I think the OS must be trusted as well, or else it could single-step the app until it decides "under 18" and then flip the value in RAM before it's signed. If so, they would need to trust the GrapheneOS developers ... and decide whether to trust Ca---OS or whatever is on the B--- phones.

I get that they could run the app in some kind of enclave, but I am skeptical that lots of phones support that.

Meanwhile, if they really manage to keep 16-year-olds from porn, maybe there will be a wave of teenage pregnancies... or smoking...

P3yot3

I see the devs of this monstrosity have started culling all dissenting voices, closing all points raised.

And so it begins.....

ryrona

P3yot3 I see the devs of this monstrosity have started culling all dissenting voices, closing all points raised.

And so it begins.....

There is a lot of criticism that has been directed to them. Massive amount. Including several activists knowledgeable about EU laws arguing that their proposed solution with Google Play Integrity if implemented would be in violation to other EU laws about device and OS neutrality. That sounds like it could easy be taken to court if they go ahead.

So.. I imagine the developers are actually not silencing voices right now, but in outright panic about how to handle the situation. They are probably discussing alternative solutions as we speak. They probably neither were aware their solution would be that controversial or even controversial at all, nor that it would be in violation to laws. They are just developers after all, tasked with implementing a privacy preserving age verification solution, and might have thought Play Integrity would be a natural building block without thinking much or at all about the consequences of using that.

tbot

Its great that GOS has announced why standard Android hardware attestation is better for security.

In theory, tech companies would use the more secure method instead of imposing big tech screening upon their users.

In practice, the apps that matter (banking apps, financial services, travel, social media) have more important stakeholders than just technical stakeholders.

These are publicly traded companies that abide by the direction of their board and the major stakeholders, which typically include the biggest financial firms in the world. Blackrock, Vanguard, State Street.

If the international trend is that apps must require Google attestation, then major apps will follow as the result of investor control. And this trend is starting to show if it isn't obvious already.

Age verification is already mandatory in the UK, will be enforced in Australia by the end of year. Digital ID is now mandatory in many countries like China, Mexico, Vietnam, and Pakistan. In more "democratic" countries, the infrastructure for Digital ID is already in place and is building adoption.

Digital ID laws also create requirements for things like opening a bank account, paying bills, or getting a SIM card.

Its time to get real, as the time horizon is quickly approaching where the most "important" apps won't be usable by those who care about privacy, resulting in a fracturing of the tech space.

If we accomodate and comply with attestation, we'll be caught unprepared and be forced to pick up a big tech phone once again. Digital ID enrollment won't be far behind, and thus it will be for us, our children, and our children's children.

OR we can build actual solutions for decentralized finance, travel, and social media that will offer people freedom and privacy.

We have about a few years to do this. Let's build something better.

P3yot3

The way I see it, there is only one future-proof, secure & trustworthy method of pulling this off - Blockchain tech.

It's what Blockchain technology was invented for. Same tech as Bitcoin. It works. Forever.

Don't Trust - Verify.

archbtw

Wouldn't this mean the government is going to know that you visited a certain site, even if you use tor?
Even if it's a yes or no question regarding adult age, the app or their backend would know what site is requesting the verification.

ryrona

archbtw Wouldn't this mean the government is going to know that you visited a certain site, even if you use tor?

Depends on how it is implemented. It is technically possible to implement a system that can attest to a third-party you are above a certain age, without revealing to the third-party who you are or your exact age. In fact, there are multiple different ways to implement this.

archbtw Even if it's a yes or no question regarding adult age, the app or their backend would know what site is requesting the verification.

If the app is open source, and has reproducible builds, we can verify it does not leak that information to anyone. Likewise, it is possible to create such attestations about being above a certain age without revealing to the ID issuing server what site it is you are visiting, and in fact without contacting the ID issuing server or any other server at all (eg using hardware attestation).

It all depends on how they implement it.

« Previous Page