logoalt Hacker News

perching_aixtoday at 9:14 AM1 replyview on HN

I guess it's that time of the week again. Do we have a sockpuppet account to welcome in you by any chance?

The (actual) complaint of the thread appears to be resolved already (which would make sense given this is old news):

> In the README, the following is listed:

>> App and device verification based on Google Play Integrity API and Apple App Attestation

The README.md does not appear to feature such a section (nor any of the other files for that matter).

Separately, the title is editorializing, and falsely suggests there's some big bad EU app, even though the app that does exist is merely a reference implementation, not for end user usage. There's a reason the repository you're linking a discussion thread from only holds specs.

Edit:

> the specification does not prohibit it

My account has been rate-limited, so I'm not able to reply directly. Nevertheless, I'm sure you can appreciate that your title is still quite the lie then. "Not prohibiting it" is very different from "forcing", after all.


Replies

roundabout-hosttoday at 10:27 AM

In the thread you will find many examples of national implementations which do require attestation. It was removed from the README as a PR measure, but in practice the specification does not prohibit it, so national implementations will still use it.