Consumer Rights Wiki

The Italian digital identity wallet only supports Google-certified Android devices

Article Status Notice: This Article is a stub

This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Learn more ▼

Overview of IT-Wallet and its technical requirements edit

"IO, l'app dei servizi pubblici" (IO hereinafter) is an app developed by PagoPA S.p.A., a State-owned enterprise which develops tools to make digital public services available in Italy.[1] The app can be downloaded on Android and iOS.[2]

One of the services offered by IO is *Documenti su IO* (IT-Wallet hereinafter), a wallet containing digital identification documents[3], as defined by the eIDAS regulation.

To be able to access the IT-Wallet, the user needs to satisfy certain device integrity requirements, which the app's F.A.Q.s define as (translated from Italian)[4]:

The device should not be compromised, that is, it should not be modified in such a way as to remove the security restrictions imposed by the operating system (for instance, jailbreak on iOS or rooting on Android). Furthermore, it is necessary that the app being executed is the official one, downloaded and signed from the Android and Apple stores (respectively, Play Store and App Store).

On Android, these integrity requirements are checked with the Play Integrity API.[4]

The distribution policy and the implementation of the integrity checks highlighted above pose two issues discussed in the next sections.

Exclusive distribution on Google Play Store edit

IO is distributed on Android exclusively via the Google Play Store, which may not be available on all devices[5] or the user may be running a non-Google licensed or non-Google compatible version of Android, which could not include the Play Store or may not even be eligible to include it. Moreover, users may wish not to install Google services on the device themselves in favor of alternatives.

Android devices are not only those running a version of the OS commercially licensed by Google to include the proprietary Google Mobile Services (GMS), a collection of proprietary applications and APIs from Google, containing Google Play and Google Play services. Devices running Android versions based on or stemming from the Android Open Source Project or devices produced by an OEM with an agreement with Google that does not include GMS should also be taken into consideration.

Manufacturers wishing to ship devices with GMS and the Play Store pre-installed are required to enter into an agreement with Google.[6] Google's position in the app distribution market can be seen as concerning for market competition[7], as it could represent a barrier to emerging distribution channels and app stores.[6]  The European Union itself designated Alphabet (the parent holding company of Google) as a gatekeeper a large digital platform providing core platform services, that needs to comply with specific regulations set forth in the Digital Markets Act with respect to its Google Play platform.[8] One of the purposes of the DMA is to enforce the right of European citizens to have the choice to install preferred apps directly from the web or alternative app stores.[9]

Note that the European Digital Identity Wallet Architecture and Framework Reference explicitly states that wallets can be made available "on other means than the official OS app store".[10]

Use of Play Integrity API edit

The Google Play Integrity API is part of Google Play[11] and its strong integrity check is not compatible with devices running on alternative operating systems. This issue has been reported by the GrapheneOS developers[12] and by IO users.[13][14][15][16]

A more universally compatible solution to check the integrity of the device would be the standard Android hardware attestation API, which would support non-Google alternative operating systems via the whitelisting of their keys.

Impact edit

The design choices of the IT-Wallet make it so that the service is only accessible to Italian citizens using one of two core services from Apple and Google, two foreign companies designated as gatekeepers by the EU Digital Markets Act.[8][17] Furthermore, Android users can only use the IT-Wallet if they have a Google-certified device and OS.

Distributing the app on Android via channels other than Google Play and performing integrity checks via the hardware attestation API instead of the Google Play Integrity API would enable users to access the service on alternative devices and operating systems, not restricting it to services with a dominant position in the market.

References edit

  1. "About us page on PagoPA's website".
  2. "IO F.A.Q.s on how to install the app".
  3. "IO F.A.Q.s on what Documenti su IO is".
  4. 4.0 4.1 "IO F.A.Q.s on technical requirements for the IT-Wallet".
  5. "List of Android devices compatible with Google Play".
  6. 6.0 6.1 "Appendix of report from the UK's Competition and Markets Authority" (PDF).
  7. "Rivals claim Google's 'deceptive' use of Android has been anti-competitive". 2013-04-10.
  8. 8.0 8.1 "EU's designation decision on Google Play" (PDF).
  9. "About the Digital Markets Act".
  10. "Section 6.5.2.2 of the EU Digital Identity Wallet Architecture and Framework Reference".
  11. "Google Play Integrity terms".
  12. "GrapheneOS attestation compatibility guide".
  13. "Forum thread discussing lack of IT-Wallet support on GrapheneOS".
  14. "Issue on IO's GitHub repository".
  15. "/e/os user reports issues with IO on the e Foundation community".
  16. "Users' reports in Google Play reviews of the IO app".
  17. "EU's designation decision on the AppStore" (PDF).
Retrieved from "https://consumerrights.wiki/index.php?title=The_Italian_digital_identity_wallet_only_supports_Google-certified_Android_devices&oldid=22069"