Hacker News

willaaam today at 8:32 AM

I'm not the biggest advocate of the EU DMA, but account and device access is one item we should actually be regulating very heavily, where potential penalties for (suspected) abuse or non-compliance must be much more granular than full-on account bans.

It's hard to believe EU governments are actually considering mandating iOS and Android as gateways to access government services. It's a level of ignorance that's unfathomable.

This story is also exactly why I invest precious time running a Linux machine in the basement that rclones my cloud drives locally, as well as having full local copies of my webmail contents.


Replies

jeroenhd today at 12:03 PM

> It's hard to believe EU governments are actually considering mandating iOS and Android as gateways to access government services. It's a level of ignorance that's unfathomable.

There's a good reason behind this approach, even though I don't think the benefits outweigh the downsides. These apps are supposed to be the phone equivalent of the NFC chips inside of passports and ID cards, which have all kinds of encryption and verification inside of them. They have to be protected against malicious data extraction, manipulation, and other fakery.

Phones do have the ability to do that, even free ones, and even regular desktops and laptops. How they do it kind of depends on the implementation (whether you call it a "secure element", a "TPM", or a "trusted execution environment"), but they all come down to "hardware proof shows that this digital signature is not extractable or alterable". The data isn't supposed to be something you can access, like a password, but something you can only do signed reads from, like the physical ID chips.

In iOS, that part runs entirely on dedicated hardware which will refuse to run non-Apple code, which is probably the best approach. On Android, there are more options and many phones run a software version of that concept in a dedicated separate virtual machine to save cost on physical hardware. The security of that virtual mechanism relies squarely on the early boot process having been verified not to be altered by malware. That's what the Google verification library is for in this case.

This approach can work just as well on other hardware with dedicated TPMs (although a lot of free software enthusiasts will tell you those are evil contraptions designed by Microsoft to turn your unborn children into little versions of Clippy) or dedicated encryption modules. However, you'd need a common enough, accessible API for those to function. That's actually quite easy on Windows and macOS, but Linux TPM support is rather woeful at the moment, especially with how uncommon things like secure boot (even self-signed secure boot) are.

In practice, nobody is going to buy a special sort of YubiKey to log into their government's tax portal. Dragging people into basic multi-factor security has been a challenge that lasted decades.

However, pretty much all citizens already have phones capable of top-of-the-line security verification. Developing a free app is a lot easier than implementing cross-platform HSM support for a novel authentication mechanism.

All of this comes at the cost of having to run vendor-approved software. That's a huge problem for a lot of HN visitors, but those people form a sliver of a fraction of the population. I'm willing to bet the EU's digital access is inhibited more by the amount of old people without cell phones than the number of people who care about free software.

I personally feel like outsourcing this kind of trust to closed-source implementations of vendor blobs is a terrible idea, but it's hard to find an accessible alternative that provides even the lax security properties those blobs provide.

Something I do find lacking in discussions about these technologies is how much the EU is relying specifically on American vendors here. America has been shown to be an unreliable ally that will gladly force the EU's hand with whatever mechanism comes to mind for extremely arbitrary reasons. There is a distinct lack of European alternatives when it comes to accessible secure computing, and I'd rather see the EU invest in local alternatives than go all-in on the security promises from Apple and Google.

Rikudou today at 9:31 AM

"I'm not a fan of regulating extremely huge companies, except for the way I'd regulate them."
