EU Breaks Its Own Law, Forcing Use of Google for Age Verification

The EU just took a major step forward in their Digital ID program by releasing an age verification app and framework. Its being tested in 5 EU countries.

The EU presents the app as a private solution to age verification. But there’s one catch. They recommend the app use Google attestation, meaning that it won’t work on alternative phones.

The app will only work on Google phones thanks to its enforcement of Google attestation, even though its less secure.

Everyone in the EU may be forced to use big tech phones when using apps integrated with this age verification system.

How did the EU respond to backlash, and what’s the future for degoogled phones in the EU?

Watch on Substack.

—

The European commission earlier this month rolled out a new app and framework for age verification.

Its intended to be used by other apps that require age verification checks.

The EU loves to present privacy as one of its principles. So their system is open-source, and attempts to minimize data leakage.

Here’s how it works:

• EU member states can develop ontop of this app to create their own age verification apps
• They publish it to the app stores in their country
• Other apps on the phone can request age checks

The requesting party will receive a simple yes/no answer with little additional information, a design choice aligned with the EU’s design principles.

But there’s one problem. This app requires the Play Integrity API, which is a service run by Google to check whether a phone is running a Google approved version of Android.

It excludes alternative operating systems like GrapheneOS and other degoogled OS’.

—

The open-source app was published on Github, and developers quickly took note of this section in the README.

The point of note is the Google Play Integrity API, which the EU has indicated will be part of the app.

Originally released in May 2025, any app developer could choose to implement it into their app.

When activated, your phone communicates with Google Play servers, which sends a response back about:

• whether the app is genuine
• whether its installed from the Google Play store
• whether the phone is running a licensed Android OS. (commercial partnership with Google)

Essentially, its a check to see if you’re in Google’s walled garden with a Google Account or one of their partners like Samsung.

If an app chooses to use this API, then de-googled phone users cannot use it, whatsoever. Therefore, if its a requirement for age verification in the EU, then then those apps will be unusable for anyone on de-Googled phones.

Daniel Micay, founder of GrapheneOS also created an issue on the same project with lots of support.

Micay was quick to point out that the Android Hardware Attestation API would be more secure, while cutting out Google’s monopoly.

Its a hardware based API which doesn’t need to communicate to an external server. It checks:

• Authenticity / integrity of the hardware
• Authenticity of the operating system to ensure current security updates
• Authenticity of the app

The EU is ignoring a more secure option in favor of one that doesn’t even check if the phone is still receiving security updates.

They are enforcing Google’s monopoly, while neglecting security.

—

Since Play Integrity API was released, many large companies have started to enforce the checks in their apps. Most common are banking, financial, and government apps.

Degoogled phone users have workarounds such as loading the service from their browser or from their computer.

Despite overwhelming support from hundreds of developers requesting to remove the Google Play Integrity API requirement, the EU represenative developers brushed it off and said they only created a reference implementation, member states would be able to make their own choices.

Then a few weeks later, they deleted that portion of the README, replacing it with this:

As Micay points out, ironically, another EU regulation - the Digital Market Acts forbids upholding a monopoly on a foreign technology provider. According to the DMA, this requirement would be illegal.

Conclusion

Developers around the world are in agreement. Get rid of the Google dependency.

They reasoned, provided “better” digital ID solutions, pleaded, and cajoled the project, asking other devs to reach out to their EU representatives.

If you know my show, then you know I think that’s not going to work. I reminded everyone on the thread that this is happening everywhere in the world.

Software companies will abide by their investors and financial firms, who are headed by the very same people who attend the annual Davos and Bilderberg meetings.

I’m grateful to have watched Episode 17 of Derrick’ Broze’s Pyramid of Power which was the perfect preface to researching this issue.

It doesn’t matter what country you’re in. Its happening everywhere.

Everyone who is using, or wants to use a phone detached from Google in the EU is under threat of being cut off from basic services.

We need to start rebuilding the world’s tech services in a way that can’t be controlled or taken over.

Agorism and voluntaryism is the way.

🎙️ Follow the show

Finally, a laptop that respects your privacy and your freedom of choice.

✅ Modern reliable hardware.

✅ A cutting-edge Linux OS that's actually easy to use.

✅ Access to more software than ever before.

❌ And best of all, no big tech tracking!