EU’s Open-Source Age Verification App Sparks Controversy with Google Play Integrity Dependency
Do Son 
The European Commission is developing a new open-source Android application intended to facilitate age verification across the EU. This app will allow users to prove their age—such as confirming they are of legal age to access certain online services—while preserving their privacy, as it does not require submission of identification documents or personal ID numbers.
Functioning as a toolbox component or middleware, the application is designed to be a foundation upon which EU member states can build their own tailored solutions to address age verification challenges. By relying on a Europe-based, open-source framework, the initiative seeks to reduce dependency on external commercial entities and mitigate associated security risks.
Currently, the application remains in its early prototype stage and lacks comprehensive security features—such as code obfuscation or tamper protection. During preliminary testing, developers discovered that the European Commission intends to use Google’s Play Integrity API to validate the integrity of devices and applications.
The Google Play Integrity API is a mechanism provided by Google to help developers verify the authenticity and integrity of their applications, as well as confirm whether they are running on unmodified, legitimate devices.
Critics argue that employing Google’s API for integrity checks undermines the EU’s digital sovereignty. Users who install the age verification app outside of Google Play may be unable to pass the API checks, effectively preventing the app from functioning.
For enthusiasts of third-party ROMs, this API poses an additional obstacle. Many custom ROMs are incompatible with the Integrity API, meaning that even users who install the app via Google Play may fail validation and be unable to use it—introducing a host of usability challenges.
However, given that the application is still in its prototype phase, it is possible that future iterations or member state-specific adaptations may remove such constraints. If not addressed, these limitations could exclude a subset of users from accessing the service and provoke further controversy as the project evolves.
Related Posts:
- 11 Russian Linux Kernel Developers Lose Maintainer Status Due to “Compliance Requirements”
- Xbox AI Gaffe: Layoffs, Ill-Timed Recruitment, and a Questionable Image
- Americans have lost more than $2.7 billion to social media scams since 2021
- Apple Overhauls App Store Age Ratings with New Granular Tiers for Enhanced Parental Controls
- Github launches Python security alerts
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
