Your phone could lock you out of European public services.
To prove your phone is safe, the EU's ID wallets ask Google and Apple. That quietly decides which phones are allowed to count.
By the end of 2026, every country in the EU has to give its citizens a digital ID wallet: one app that holds your identity documents, signs you into government services, and proves your age online. To decide whether your phone is safe enough to run it, many of these wallets ask Google or Apple. That one design choice quietly lets two American companies help decide which phones are allowed to hold your ID.
What the wallet actually is
Picture your physical wallet: ID card, driving licence, maybe a health card. The EU wants that on your phone instead, under a law called eIDAS 2.0 (Regulation (EU) 2024/1183, in force since May 2024). All 27 member states have to offer at least one certified wallet to citizens and residents by the end of 2026.
Because the wallet holds real identity documents, it has to be sure it is running on a genuine, untampered phone and not a clone or an emulator faking the whole thing. That part is fair. An ID app has every reason to distrust the device until it can check.
How the wallet checks your phone
This check is called remote attestation. Rather than build it from scratch, most wallet teams reach for the tools already sitting on the phone:
- Google Play Integrity API on Android
- Apple Managed Device Attestation on iPhone
Both report back whether the device and app look legitimate. On the surface this is sensible. The tools exist, they are maintained by the platform owners, and reusing them is faster than writing your own security layer.
The catch
Google's check does not only ask whether your phone is secure. Its strongest verdict also asks whether you are running Google's licensed version of Android, installed through the Play Store.
So a phone running GrapheneOS or e/OS, hardened Android builds that privacy-conscious people choose precisely because they are locked down, can be marked untrusted. The hardware is fine. The encryption, the verified boot, the update chain are all fine. It is just not Google's Android, so the wallet can refuse to open. This is the argument made by Waag Futurelab, an Amsterdam research lab, in a piece bluntly titled "European digital ID wallets are a gift to Google and Apple."
Different countries, different calls
The EU's own Architecture Reference Framework recommends Google's approach but does not require it. That leaves each country to decide, and they have not decided the same way.
Switzerland walked away from Play Integrity, citing data protection, data sovereignty, and freedom of choice. Technically, its e-ID sits outside the EU mandate, but it is solving the identical problem, which is why it keeps coming up as the counterexample: a government wallet that verifies the device without handing the keys to Google.
There is already a less locked-in option
Android ships a second mechanism, hardware key attestation, that checks the same thing: is this a real, secure, untampered device? It leans on the same secure hardware Google's strong verdict relies on. The difference is that it can be configured to trust a hardened OS like GrapheneOS on its own terms, instead of trusting only Google-licensed builds.
GrapheneOS argues its own attestation is actually stronger than Play Integrity's top tier, and it runs a public tool that proves a GrapheneOS device is genuine with no Google in the loop. Their attestation compatibility guide walks through what each check really verifies. The point stands either way: the secure alternative is not hypothetical. Switzerland is shipping it.
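As an added illustration (not code from any wallet project or from GrapheneOS), here is a server-side policy over the fields of an Android key attestation record, showing how an allowlist of verified boot key digests lets a locked, hardened OS pass while an unlocked device still fails. It assumes the certificate chain and signature were already validated against the hardware attestation root; the digest, the patch-level floor and the sample records are constructed.

```python
import hmac
from dataclasses import dataclass
from enum import IntEnum

class BootState(IntEnum):       # verifiedBootState values in the attestation extension
    VERIFIED = 0                # OS verified by the key built into the device
    SELF_SIGNED = 1             # OS verified by a user-installed key, bootloader locked
    UNVERIFIED = 2
    FAILED = 3

class SecurityLevel(IntEnum):   # where the attested key lives
    SOFTWARE = 0
    TRUSTED_ENVIRONMENT = 1
    STRONGBOX = 2

@dataclass(frozen=True)
class Attestation:              # fields already extracted from a validated chain
    challenge: bytes
    security_level: SecurityLevel
    boot_state: BootState
    device_locked: bool
    verified_boot_key: bytes    # digest of the key that verified the OS image
    os_patch_level: int         # YYYYMM

# Constructed placeholder digest; a real deployment pins the OS project's published value.
ALT_OS_KEYS = {bytes.fromhex("aa" * 32): "hardened-os (placeholder)"}
MIN_PATCH_LEVEL = 202501        # assumed policy floor

def evaluate(att, expected_challenge, alt_os_keys=ALT_OS_KEYS):
    """Return (accepted, reason) for one attestation record."""
    if not hmac.compare_digest(att.challenge, expected_challenge):
        return False, "challenge mismatch"
    if att.security_level < SecurityLevel.TRUSTED_ENVIRONMENT:
        return False, "key is not hardware-backed"
    if not att.device_locked:
        return False, "bootloader unlocked"
    if att.os_patch_level < MIN_PATCH_LEVEL:
        return False, "patch level below floor"
    if att.boot_state == BootState.VERIFIED:
        return True, "stock OS"
    if att.boot_state == BootState.SELF_SIGNED:
        name = alt_os_keys.get(att.verified_boot_key)
        return (True, f"allowlisted OS: {name}") if name else (False, "unknown boot key")
    return False, "boot state unverified or failed"

NONCE = b"constructed-server-nonce"
STOCK = Attestation(NONCE, SecurityLevel.STRONGBOX, BootState.VERIFIED, True, b"\x01" * 32, 202506)
HARDENED = Attestation(NONCE, SecurityLevel.STRONGBOX, BootState.SELF_SIGNED, True, bytes.fromhex("aa" * 32), 202506)
UNLOCKED = Attestation(NONCE, SecurityLevel.TRUSTED_ENVIRONMENT, BootState.UNVERIFIED, False, b"\x00" * 32, 202506)
```

Calling `evaluate(HARDENED, NONCE, alt_os_keys={})` gives a stock-only policy, under which the hardened-OS record is rejected even though the hardware-backed checks before it all pass.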
Why this is more than a phone preference
A digital ID wallet is not an app you can shrug off. It is turning into the front door to essential services: healthcare, tax portals, age-gated sites, proof of identity for a rental or a bank. When the front door only opens for Google-blessed phones, Google gets a say over access to public infrastructure it does not run.
That sits oddly next to what Europe says it wants: digital sovereignty, more competition, less dependence on Big Tech. Building the ID layer on Google's attestation pushes the other way, and it turns governments into the enforcers of one company's platform rules. There is even a legal knot in it: the EU's Digital Markets Act is busy pushing Apple and Google to open their platforms up, while wallets built on their attestation quietly do the opposite.
It is not settled yet
The good news is that this is being argued in the open. On the EU's own reference wallet, one of the loudest requests on the public tracker is a plain one: remove the requirement for Google Play Integrity.
And on the related EU age-verification app, Scytales, one of its developers, said in July 2025 that the app is white-label and can verify a device in several ways. Play Integrity is only one of them, and hardware key attestation will likely be supported too. That is the crack worth watching: the choice is starting to be framed as one option among several, not a default nobody questioned.
Why a build studio cares
We ship apps that run on other people's phones, and attestation is quietly becoming the gate on who gets in. If you build anything that leans on Play Integrity or Apple's App Attest, whether for payments, logins, or age checks, you are also deciding which of your users get shut out, often without meaning to.
The lesson mirrors one we keep hitting, most recently in our post on Spain's IP blocking: the platform your code runs on is part of your product, not a detail underneath it. A secure default that silently excludes a slice of careful, legitimate users is a support ticket, a bad-press cycle, or a regulator's question waiting to happen. For a national ID wallet, it is all three at once.
Next step: read Waag Futurelab's full argument for the policy side, and GrapheneOS's attestation guide for the technical one. If you are building something that depends on device attestation and want to avoid locking out your own users, write to us at hello@gattyworks.com.