-
@domubpkm
Why would french (and European ?) banks have the obligation to provide smartphone agnostic solution for online banking payment security, and institutional agencies not ?https://www.caisse-epargne.fr/comptes-cartes/securisez-vos-moyens-de-paiement-sur-internet/
Réaliser les deux saisies d’informations suivantes : le code reçu par SMS puis votre mot de passe de Banque à distance.
-
@pparent I do not question any of these rational arguments
.. -
@pparent Thanks for posting that article, I hadn't heard.
Low probability of success can be offset by low cost and high value of success.
I think the moment we're in presents opportunity like never before. In addition to the French government looking at digital sovereignty, the Danish government is trying to get away from American tech companies. I could imagine many other governments may be considering this.We don't have the interoperability rules here in Canada, but I'm still going to be suggesting to my member of parliament and a couple of ministers that the government should be proactive in examining and acting on the threat posed by the fact that most members of our government, military, and general populace use privacy-intrusive smartphone OSes controlled by a couple USA-based tech companies whose CEOs have already demonstrated a willingness to comply with what increasingly demonstrates itself to be an aggressive and authoritarian government.
(I respect the forum's rules about not getting political and hope this didn't cross any lines, but I think what I said is factual and relevant to the point I'm making. I'm not taking a position here on whether annexation is cool, just trying to explain why I think there's an opportunity for UT.)Matrix has benefited from being adopted by various governments and militaries, even if in pilot projects. The challenge is much greater with mobile OS adoption, but if the resources and the need are there, it doesn't seem impossible.
My government, for example, is suddenly trying to spend vastly more than ever before on the military and routinely falls short of its spending targets. I could make the argument that a secure, private and functional mobile OS is of strategic military importance
And I will! Opportunities like this don't always last very long. -
For info, what could have helped for now, I looked on the Aurora Store and the France Identity app is noted (Plexus) as having a low level of compatibility with de-Googled devices (could be Volla phones using volla OS) using the micro G project.
-
" Il est également interdit d’utiliser l’application France identité sur un ordiphone Rooté ou Jailbreaké."
“It is also prohibited to use the France Identité app on a rooted or jailbroken smartphone.”
https://france-identite.gouv.fr/conditions-generales-utilisation/
I guess it currently does not work on rooted Android, and on custom Roms, and obviously on Waydroid.
-
@pparent This should partially work with Micro G as mentioned under plexus, but it's vague. And already, if the app was 100% compatible with Micro G, it would be useful.
-
@pparent
Hello.
I was wondering if the UBports Foundation could contact one of the members of the European Parliament mentioned in this article to discuss a survival strategy...
(sorry, it's in French...
)
https://linuxfr.org/news/la-commission-europeenne-publie-une-feuille-de-route-sur-le-logiciel-libre -
Well I'm not sure but given what I have published above, It could mean that it can only work by design on an un-compromised google certified devices ( I've read that there exists so-called technologies as "Android hardware-backed keystore" and "Trusted Execution Environment" , could the app possibly rely on that? ). So maybe it's not working with microG because they don't want it to, because they want the app to run only on a so-called "safe envieronement" provided by google.
-
@pparent said in French ID app interoperability.:
so-called "safe envieronement
We can say that ! Because if you read all the precautions they take concerning the app, it's a bit like the instructions for a medication: once you've read it, you no longer want to take the medication at all!
-
@pparent said in French ID app interoperability.:
Well I'm not sure but given what I have published above, It could mean that it can only work by design on an un-compromised google certified devices ( I've read that there exists so-called technologies as "Android hardware-backed keystore" and "Trusted Execution Environment" , could the app possibly rely on that? ). So maybe it's not working with microG because they don't want it to, because they want the app to run only on a so-called "safe envieronement" provided by google.
This kind of stuff is happening more and more. Even apps like the ChatGPT app for Android require "Play Integrity." It's an API that needs to be made illegal, and a lot of national apps are relying on it too. For example, the Icelandic app Auðkenni used to work without it, but now your device has to be "secure" in order to use the app. Thankfully, in that case, there is an alternative method of authentication using SIM Toolkit.
MicroG is able to execute SafetyNet/Play Integrity, but the device has to have the bootloader locked and a bunch of other stuff. And depending on level of attestation required by the app, it may or may not actually run.
