Hacker News

Luker88 today at 11:30 AM (12 replies)

The EU reference for wallets strictly required Google Play Services https://github.com/eu-digital-identity-wallet/eudi-app-andro...

So Italy's IO app https://github.com/pagopa/io-app (wallet, documents, age verification) continuously refuses the users' request for GrapheneOS support and requires Google.

Nothing will change until the lawsuits start coming in.

The only hope is the Motorola/GrapheneOS collaboration and consumer associations, that might sue for anticompetitive behavior.

Make noise on any channel for the apps that require Play Services. It will help in the future if the lawsuits start, since it will show user support for the initiative.


Replies

WhyNotHugo today at 12:15 PM

The issue isn't just the technical dependency.

It's also the fact that it forces each citizen to pay a few hundred Euros to companies which then campaign against their very rights.

Citizens get no support of any kind in case of issues, and have to enter a contractual agreement which is ridiculously asymmetrical, where the company has little to no responsibility of any kind, but has very ample rights to track the other party in extremely creepy ways.

Retr0id today at 12:44 PM

Special-casing support for GrapheneOS would be a band-aid; they should find a way to avoid requiring remote attestation in the first place, so anyone can use whatever OS they like on whatever hardware they like.

u1hcw9nx today at 1:50 PM

This only reflects their market share for now. The EU legally forbids member states from making a smartphone mandatory to access public services. The EU explicitly anticipated the danger of relying entirely on iOS and Android and designed the EUDI Wallet framework to allow for other physical form factors. For example:

1. Smart Cards (for example The Current National ID)

2. Standalone Hardware Tokens & USB Keys

71bw today at 11:38 AM

The lawsuits, sadly, won't matter. "Security" (or, rather, totalitarian control!) is more important than the 1% of nerds who care enough to tinker with their phone.

seba_dos1 today at 1:49 PM

GrapheneOS supports attestation too, so even if they succeed it will likely just turn into a gift to Google, Apple and GrapheneOS. It's hardware attestation that needs to be opposed as it's inherently user-hostile; allowing a single popular Android distro doesn't do much in the grand scheme of things.

layer8 today at 1:32 PM

As a technical point, note, however, that there is no legal requirement to follow this reference. Wallet providers can choose a different implementation.

teekert today at 12:16 PM

Motorola/GrapheneOS, and FairPhone/e/OS.

artk42 today at 4:54 PM

Lobbyists do not sleep. It's easy to recall how those two, especially Apple, tried to sabotage FIDO2 trying to capture WebAuthn standards, fortunately failed. The EU also has to learn their inside traitors who sabotage their great efforts in decentralization of identity, and learn to avoid those incredible situations like what happens right now with Chat Control directly lobbied by Silicon Valley surveillance vendors.

m4xp today at 12:04 PM

There is too much corruption, nothing can be done at this point. At least CIE app works on graphene for now so I can do everything else on the web. If they block that idk what I would even do.

microtonal today at 2:05 PM

Also, as the article says, Play Integrity is most likely a violation of the DMA. Send a message to the EU DMA Team if you live in the EU and are affected by this (or affected by this in the future, if you plan to switch to an alternative):

https://digital-markets-act.ec.europa.eu/contact-us-eu-citiz...

The more examples they get of actual citizens that get hit by this, the better. I have recently sent messages when Google introduced their new device-based reCAPTCHA and when Volkswagen started blocking GrapheneOS. Of course, do not yell, explain patiently and with good argumentation why you are affected by Play Integrity and how you believe Play Integrity is used to enforce the duopoly + goes counter to EU sovereignty.

Also, for apps that use Play Integrity, e-mail the company. React to their boilerplate replies with follow-ups (this slowly seems to get some headway with VW). Also leave a one-star review on their app, explaining in the review that they broke support for your system.

I know that this can all seem hopeless. But especially GrapheneOS is getting a lot of momentum now, rapidly gaining more users. It feels like it is a moment in time where we can seriously influence things for the better. There are ~500,000s users now. If everyone actively participates, we can move the needle.

whizzter today at 11:41 AM

Honestly, as long as the architecture is fatally flawed (even if convenient) it's just band-aids over a larger issue.

These mobile IDs are too powerful: signing contracts, transferring all your funds or taking loans. Regulation is also papering it over a bit by requiring high-stakes lenders, etc. to do additional checks.

Germany was going in the right direction imho, they NFC-enabled their ID cards (Sweden has info on them but no enablement procedures) that is then paired with the app, so the card acts as a 2nd factor that makes the app itself less of a security issue since a user will be required to physically enable it (sadly the NFC pairings are kinda fiddly... but I'd take that as a security option for all non-trivial transfers).
