EU testing age verification app that shuns non-Google Android variants

The EU is working on a new age verification app that’s supposed to let people prove how old they are online without sharing too much personal info. Sounds good in theory, but there’s a pretty big catch that has privacy advocates up in arms.

Details on GitHub suggest that the app will only work on Android phones that Google has officially approved. If you’re running something like GrapheneOS or LineageOS – basically Android variants that give you way more privacy and control – you’re out of luck.

This whole thing started as part of the EU’s digital identity project. The idea was to create something member countries could customize for their own age verification needs while keeping user data safe. They even made it open source, which usually means more transparency and freedom for users.

But here’s where it gets messy. The developers decided to use Google’s Play Integrity system to make sure the app is “authentic” and running on a “genuine” operating system. Google’s version of genuine means your Android has to be licensed by them, downloaded from their Play Store, and pass their security checks.

So even though GrapheneOS is actually more secure than regular Android, it gets the boot because it doesn’t have Google’s stamp of approval. You could even build the app yourself from the source code, but the verification service would still reject it because it didn’t come through Google’s official channels.

The whole situation is pretty ridiculous when you think about it. The EU keeps talking about reducing dependence on American tech companies and protecting user privacy. Then they build a system that basically forces everyone to have a Google account and use Google-approved software just to interact with government services.

People have been complaining about this on the project’s GitHub page, but the development team hasn’t said much in response. Some folks think this isn’t just an oversight but shows how hard it is for European officials to actually build stuff without relying on Big Tech infrastructure. It’s not like there aren’t alternatives either. Android has its own attestation features that could do the same job without tying everything to Google’s ecosystem. It would take more work to implement, but it’s totally doable.

The EU just passed the Digital Markets Act to break up tech monopolies, but now they’re building critical infrastructure that reinforces those same monopolies. You can’t really claim you want digital independence while requiring citizens to sign Google’s terms of service.

This matters because age verification is just the beginning. These kinds of digital identity systems will probably expand to other government services down the road. If accessing basic civic functions means submitting to Google’s rules, that’s a problem for anyone who values digital freedom.

The app is still in development, so there’s time to fix this. But it’ll require EU officials to actually follow through on their promises about digital sovereignty instead of just talking about it. Right now, users shouldn’t have to choose between their privacy and participating in digital society.

Recent issues with Meta’s content policies and Google’s helpful content update that wiped off traffic to thousands of websites show exactly why having real alternatives to Big Tech platforms matters. The EU had a chance to build one here, but they seem to be blowing it. We’ll just have to wait and see if the backlash forces a change or if the developers will stick to Google.