alt Hacker NewsAnd meanwhile the exact same agency spits out government Android apps that use Play Integrity so citizens cannot ditch Google for GrapheneOS. This is symbolism, the minister does not actually care about digital sovereignty for the citizens.
Replies
> This is symbolism
It is probably unintentional. I work and worked in such projects (in The Netherlands), and the process is -rightfully- chaotic.
Governments typically don't have a central single team that builds all their android apps. They usually write a tender with loads of requirements and app-agencies will then build it. Or freelancers. Or volunteer teams. Or all of that. So there's no central team governed by one minister who can dictate what should happen today. There's hundreds of companies, teams, freelancers, interims, running around trying to make deadlines
Between writing a spec and the delivered app, there's chasms: could be a year between the specs are written and the first app pushed onto a phone. In a (trump)year a lot can change. But also between how specs are requirements or wishes in real life. "No user data may ever reach a google server" (actual specs are far vaguer and broader) may sound good, but will conflict directly with "user must receive push notifications of Foo and Bar". Or "passport NFC data must be attested for login", requiring a non-rooted, android, signed-by-google hardware attestation thingymajick.
So no, this is not malice. Nor incompetence. This is a sad reality, where we've allowed the monopoly to dictate what we, and users, expect, and to have that monopoly be the only option to provide those expectations.
I think it has more to do with ignorance. Device attestation is not trivial to adopt while both Apple and Google promise you a very simple abstraction. So it takes being informed and having leverage in the process to be able to make a difference.
For me the blame is squarely on the technical “experts” who are behind the architecture and implementation of such apps.
Because if they were serious about it, they'd have replatformed completely in 5 minutes.
> This is symbolism
I don't think so. It's more complicated than that. The state is not a monolith. Different heads are doing different things and it's a enormous bureaucracy. The divisions pumping out Android will eventually catch up to what's going on and the vulnerability they're exposing themselves to. These things take time. It doesn't all happen at once. People (who are not very technical, barely knowing what a computer is) need to understand what's going on and that can take a while. Let's just hope they figure it out before it matters.