eIDAS 2.0 directive and free Android variants

Mateusz Jończyk mat.jonczyk at o2.pl
Sat Nov 11 13:01:07 UTC 2023


I would like to point to a particular problem with using free software variants
of the Android operating system (LineageOS, etc.): namely proprietary apps that
detect if the phone's software is modified (by rooting or installing custom
ROMs) and then refuse to run if it is so.

Google makes this easy with its DRM mechanism called Google Play Integrity.

This is particularly problematic with software that is important in daily life,
for example banking [1] and government-provided apps. For example, Polish
mObywatel and Ukrainian Diia belong to this category. These apps are published
by the respective governments and used for increasingly many
government-provided services. They refuse to work on LineageOS.

Recently, the proposed version of the eIDAS 2.0 directive seems to require such
behavior of government-issued ID apps. I hope that there is still time for some
advocacy work to revert such changes.

I am afraid that this problem will get worse with time as more people will be
forced not to root their phones. Because of that, rooted phones will get less
frequent and it would be easier for app developers to justify blocking them.
Reversing this situation would then be difficult.

This is going to kill in practice what remains of open source in Android.


Mateusz Jończyk

[1] Reddit thread: Safety Net is making it harder to use or advocate for

More information about the Discussion mailing list