EU Age Verification: Integrity Without Google and Apple

Published Date : 7/30/2025 

Concerns over the EU Age Verification app's reliance on Google and Apple have been addressed by Scytales, the app's developer. The company reassures that multiple methods of ensuring app integrity will be available, not just those controlled by U.S. tech giants. 

A controversy has erupted over a rumor that the Age Verification app in development by the EU may only allow the required age checks to be completed for apps and operating systems that are approved by U.S. tech giants Google and Apple. Scytales, which is developing the white-label app, has responded to the concerns with reassurance that other methods of ensuring integrity will be available.

The EU Digital Identity Wallet initiative’s expansion into age assurance was met with a mix of incredulity and skepticism at the Global Age Assurance Standards Summit in Amsterdam earlier this year. Attendees from among age assurance providers suggested that public money could be better spent addressing a problem that was not already addressed by products in the market. The threat of age assurance becoming a mechanism for market capture by tech giants like Meta and Google was also a popular topic of discussion.

Those fears came to a head this week when a Reddit user pointed out that the Github repository for the EU’s white label app’s source code includes a disclaimer that appears to make owning a Google account necessary to use it, and give the company say over whether any app on an Android phone can be used. The disclaimer says that the current Age Verification (AV) Android Implementation is only intended to deliver basic functionality. But future versions will include “App and device verification based on Google Play Integrity API and Apple App Attestation.”

The problem with this approach is that it means any app would have to be downloaded from the Play Store, by a person with a Google account, and running on an OS licensed by Google. This means anyone running GrapheneOS, for example, would be effectively unable to use any app requiring an age check in Europe.

The issue was flagged by the community, and though no response was posted in one of the Github threads dedicated to the issue, it did catch the attention of the app’s developers. The panic is premature, Scytales Co-founder and Chief Communications Officer Anna Seddigh tells Dutch tech news site Tweakers.

“The app must be able to verify the device and that can be done in various ways. This is a white label app, so apps based on it can verify the device in multiple ways,” Seddigh explains, as machine-translated. “The Play Integrity API is one of them.” Key attestation will also likely be supported, according to Seddigh. She points out that the code is still in development, and responding to community input is part of the process.

The issue may be resolved for the EU’s Age Verification app, but the general problem of how to ensure app integrity without relying on the dominant OS providers has cropped up elsewhere. Commenters on Reddit noted similar issues with Denmark’s MitID and Norway’s BankID. The digital ID’s work only with Android or iOS unless the user employs a physical authenticator device.

Apps that are independent of the U.S. OS duopoly’s official distribution channels should still be available to people in the EU after age check requirements take force, but there are clearly broader challenges around ensuring the integrity of devices and apps without forcing everyone to rely on the mobile ecosystem’s dominant players. 

Frequently Asked Questions (FAQS): 

Q: What is the EU Age Verification app?

A: The EU Age Verification app is a tool being developed to ensure that users meet age requirements for accessing certain digital services and content, such as age-restricted websites and apps.

Q: Why was there concern about the app's reliance on Google and Apple?

A: There was concern that the app would only work with Google and Apple's approved systems, potentially excluding users of alternative operating systems and devices.

Q: How did Scytales address these concerns?

A: Scytales reassured the public that multiple methods of ensuring app integrity will be available, not just those controlled by Google and Apple. They emphasized that the app is still in development and will support key attestation and other verification methods.

Q: What are some similar issues in other countries?

A: Similar issues have been noted with digital ID systems in Denmark (MitID) and Norway (BankID), where the systems often only work with Android or iOS unless users employ physical authenticator devices.

Q: What are the broader challenges in ensuring app integrity?

A: The broader challenges include ensuring the integrity of devices and apps without forcing everyone to rely on the dominant mobile ecosystem players, such as Google and Apple, and making sure that independent apps can still be used effectively. 

More Related Topics :