
European digital ID wallets are a gift to Google and Apple

Why This Matters

European digital ID wallets rely heavily on Google and Apple's safety services, which could entrench the dominance of these private tech giants in public infrastructure. This dependency raises concerns about societal reliance on private companies and potential conflicts with regulatory frameworks like the Digital Markets Act. The situation exemplifies how big tech platforms can extend their control into essential public services, impacting both consumers and the broader tech ecosystem.

Key Takeaways

European governments are rolling out digital identity wallets, which citizens are to use to access services and to verify their age online. As reported by Follow the Money and Android Authority, there is a serious problem with this: these wallets rely on safety services of Google and Apple, known as the Google Play Integrity API and Apple’s Managed Device Attestation. Such safety services (known as “remote attestation”) are used to ensure that wallet apps run on hardware that has not been tampered with. In this article we explain why the EU-wallet case is part of a bigger problem: by embedding these safety services in public infrastructure, Europe risks making society dependent on private companies while serving their corporate interests.

Here is the problem:

Google’s Play Integrity API is not just a security feature: it is reinforcing Google’s control over the Android ecosystem.

Google’s Play Integrity API is an instructive case for how big tech platform companies accrue power. The API is a free piece of software that Google gifts to developers to help with their app development. It allows developers to check whether an app is running on a “genuine certified Android device” to test the integrity of a mobile device. This can help developers reduce abuse by bots, fraud in banking apps, or cheating in game apps.

But in doing so, it also checks whether a device is running a Google-licensed version of Android and treats unlicensed alternatives as a potential security risk. When Google verifies whether an app has been tampered with, it uses the Google Play Store as the source of truth, checking both whether the app has been modified and whether it was installed through the Play Store. As a result, Google’s safety service is designed to exclude operating systems that are not licensed by Google, encourage installation through the Google Play Store, and require users to sign in with a Google account. This is a clear violation of the Digital Markets Act (DMA).

We do have a choice. A more open alternative to Google Play Integrity exists but is being ignored: Android's Hardware Attestation API. It provides hardware-based security checks but without enforcing Google’s ecosystem policy.

Governments are cementing a monopoly they claim to oppose

The EU often states that it wants to break the big tech monopoly. Yet, European member states risk reinforcing Google's ecosystem when they embed the Google Play Integrity API into their digital ID wallet architecture. For example, wallet developers in the Netherlands and Italy have implemented Play Integrity. As a result, users of de-Googled operating systems such as e/OS and GrapheneOS can be excluded from accessing these services.

In this way, governments effectively become enforcers of a private company's platform policies. This stands in tension with Europe's ambition to build digital public infrastructure based on public values such as openness, inclusiveness, and technological sovereignty. It also stands in tension with the regulation underpinning the EU’s identity wallet, which identifies interoperability as a key objective. Users who want the autonomy to use operating systems without pre-installed Google software, Google trackers, and built-in LLMs are forced to use Google software if they want to use the wallet. Here, they will not have a choice.

ID wallets are public infrastructure to access critical public services. They should remain interoperable across different devices and operating systems, free from vendor lock-in.
