@jdelacueva @EUCommission So in the hypothetical case I'd like to see the source code of that application to see why and how it uses google services, what would be the appropriate bureaucratic way to request it?

@fruitchypear @greatlaketrout @IvanSanchez @jdelacueva @EUCommission requiring drm for a digital identity wallet... yikes ​​

apps attesting the hardware and software they run on is fundamentally drm and is awful. it's also just completely backwards, apps shouldn't even have the capability to do that

the os should be attesting this, not the apps

@lumi @jdelacueva @IvanSanchez @EUCommission @fruitchypear @greatlaketrout that's how you frame it.
Now change your pov, be the company that needs technical measurements to bind your login to your device without having any means to detect, if it's your device through which a login request comes - or it is a MITM.
Many companies may take that risk for for financial gains - or get sued.
But other companies are legally bound to not take that risk

@asltf @lumi

why does the needs of a company dictate restrictions on *all* users?

the platform/os is the source of truth, the way we prevent an unauthorized party of cloning or infecting your device, is by encrypting and verifying the disk, and by not installing malware, by running trusted code only and sandboxing any untrusted code

if the user willingly wants to clone their data to another device, to build and run their own platform, or simply modify/replace parts of their current platform, their "wallet" app must not have any say in it, that *is* drm and the want of control that corporations have must not impede user freedom

play integrity is google's way of exploiting fear in order to gain control