bossyTeacher 18 hours ago

> App attestation does not require an Apple account nor a Google account. For Android, it does limit the ROMs to Google certified ones and requires GMS to be installed.

To me, there is no difference between your sentences. You require the blessing of an American company to be able to use eIDAS. Google has the power to disable eIDAS at a national scale by making the attestation services treat all devices as not certified.

There should be NO reliance whatsoever on a private company not under the control (direct or indirect) of the government let alone a foreign private company.

Edit: I just noticed your username and the fact that your account is very new. Are you astroturfing?

AppAttestationz 17 hours ago | parent | next [-]

I made an account because I'm qualified to talk about this topic :-) I've spent a considerable time testing every corner case of UX, and DX of an app attested service.

App attestation can fail on simulators, GrapheneOS, dev builds; I've seen it all. There is one check you can do to see if an app was side loaded, so indirectly, it can require a Google account.

Title is still misleading though, as it explicitly mentions accounts.

whatsupdog 17 hours ago | parent [-]

Come September, there will be no side loaded apps on Android.

gnabgib 17 hours ago | parent [-]

You're behind on your news!

Google details new 24-hour process to sideload unverified Android apps (1196 points, 16 days ago, 1262 comments) https://news.ycombinator.com/item?id=47442690

dugite-code 8 hours ago | parent [-]

Functionally it's dubious if this will not cause further issues. Developer tools cause some security checks to fail. It's not yet known if the unknown apps setting will do the same.

AppAttestationz 17 hours ago | parent | prev [-]

I agree, there is still a reliance on the tech giants that produce the phones, who are the ones embedding the cryptographic keys, to make this end to end attestation work.

But in pure technical & UX terms, you don't need to be logged in.

bossyTeacher 17 hours ago | parent [-]

[flagged]

AppAttestationz 17 hours ago | parent | next [-]

Your whole point is orthogonal to what I said too.

I said the title is misleading, which it is.

Your argument that app attestation should be avoided because a big tech company can withhold it is garbage. It holds no water. They can cut off access to the app in general by removing it from the app stores and the devices that have it installed.

American big tech has Europe in a stranglehold, I agree with your sentiment there.

eIDAS can be used with the ID reader on Linux even, there's no lock out. They want to offer a convenient alternative for the normies, in a secure manner, I don't mind.

Edit: my 70 y/o mother even eIDAS authenticates (not Germany, other EU country) on Linux Mint. There's no argument for lockout in my anecdotal perspective.

9 hours ago | parent | prev | next [-]
[deleted]
lucb1e 16 hours ago | parent | prev [-]

How are you expecting someone here to complete a captcha in the comments?