The article says European digital ID wallets are being built in a way that leans on Google and Apple safety and attestation services, especially on mobile, which turns a public identity layer into infrastructure controlled by two US platform companies. In plain terms, the concern is not just that iPhone and Android dominate smartphones. It is that access to state-backed identity, age checks, and other public services can end up gated by platform trust systems that citizens do not control and that alternative operating systems often cannot pass.
That framing landed hard. Most people treated this as a direct contradiction of the EU’s stated goal of digital sovereignty, and a bad bargain even on narrow security grounds. The strong view was that device attestation gives governments and platform vendors too much power to decide which hardware and operating systems are acceptable for civic life. Several commenters pushed past the headline and said the real design mistake is relying on remote attestation at all. Allowlisting GrapheneOS or swapping Play Integrity for Android hardware attestation would help a few users, but it would still preserve the basic model where a service can reject a citizen because their device stack is not approved.
The comments also clarified an important implementation detail. The EU reference framework may lean toward official app stores and mobile attestation, but member states are not legally forced to copy that exact design. The framework explicitly allows other form factors such as smart cards, hardware tokens, and USB keys, and EU law does not let governments make smartphones the only route to public services. The skepticism was that this escape hatch exists mostly on paper unless countries are required to ship and support those alternatives.
Where the conversation got most concrete was on alternatives. Repeated suggestions were to make the physical national ID card or a dedicated hardware token the trust anchor for sensitive actions, instead of the phone OS. Others argued for a simpler protocol where government-signed credentials can be loaded into any compatible client and selectively disclosed without platform lock-in. There was also a privacy warning that even if the wallet uses selective disclosure or age-only claims, some verifier designs can still create tracking opportunities if issuers or verifiers see enough metadata. The overall conclusion was blunt: this is not just a niche complaint from custom ROM users. It is a governance choice about whether digital identity belongs to citizens and states, or to Apple and Google’s trust stack.