German implementation of eIDAS will require an Apple/Google account to function

DyslexicAtheist 74 points 50 comments April 04, 2026
bmi.usercontent.opencode.de

Discussion Highlights (12 comments)

NooneAtAll3

what's eIDAS?

stefan_

So what was the point of putting a crypto chip into every ID if you are gonna try and reinvent the entire trusted environment in the fucking smartphone?

jml7c5

Is the link broken for anyone else? I'm getting ERR_CONNECTION_CLOSED.

lta

That sounds like a very smart move at the time where Europe realizes the US isn't such a gray partner and it's trying to reduce its critical dependencies on foreign nations' tech and infra. Good job. I'm actually very surprised to see this from the Germans, who have this reputation of great engineering culture.

livvy

Can anyone point me to where in the MDVN page it mentions requiring Apple and Google account? Thanks

raphman

Mastodon thread on this topic: https://mastodon.social/@pojntfx/116345677794218793 See also this issue from 2025 where the developers responded: https://gitlab.opencode.de/bmi/eudi-wallet/wallet-developmen... AFAICT, there is no mention of an Apple or Google account being required in general - the documentation just lists "signals" that are used to securely authenticate a person - such as Google's/Apple's security ecosystems. I am not sure what this means in practice. Can anybody with deeper understanding explain the actual implications and possible outcomes? (Note: BMI is the German Federal Ministry for the Interior)

zb3

> threats:
> unknown system image (e.g. custom ROM)

Oh no, what a horrible crime, somebody dared to modify operating system on their own device..

AppAttestationz

The title is misleading. App attestation does not require an Apple account nor a Google account. For Android, it does limit the ROMs to Google certified ones and requires GMS to be installed if Play Integrity is used. An alternative option would be to use the Hardware Attestation API directly, GrapheneOS would be thanking you. I've spent a good amount of time implementing exactly this type of system for a backup service. This document specifies a way to cryptographically attest the integrity of an HTTP request hitting a server. The attestation proves the request came from a device and attests the legitimacy of the bootloader, OS and app. Google and Apple are in a privileged position to be able to bypass the app attestation though, so depending on the threat model, it's not bulletproof. edit: Play Integrity could be the worst offender here, as it can be leveraged to force a user to have installed the app through the Play Store. Indirectly, requiring a Google account.

AlBugdy

All these requirements for specific hardware and software are ridiculous. Let every citizen use whatever computer they want. It should be up to the user to secure themselves. Authentication should only require a password or a key pair. If the user wants more security, they can set up TOTP or buy a security dongle or something. It's also ridiculous how it seems we've forgotten computers other than smartphones exist and that not everyone even has a smartphone, let alone with an Apple or Google account.

cebert

I am shocked that there isn’t more opposition from the general public to policies like this that erode privacy and freedom. I am a parent and can appreciate the need to control what children do on the internet, but at some point parents need to parent. I fear we’re giving up a lot of freedom and adding unneeded complexity under the guise of keeping children safe.

chmod775

They're taking feedback here: https://gitlab.opencode.de/bmi/eudi-wallet/wallet-developmen...

0x_rs

Does this mean sanctioned individuals, such as those in the International Criminal Court, would be unable to access eIDAS, among other things? As it requires, from my understanding, installing app(s) from the Play Store, thus requiring an account there and being able to access it, which isn't happening if you're among those or really, in any group that might get the same treatment in the future.
