Requirements violates the EU Digital Markets Act (DMA) #756
Replies: 2 comments
-
|
This comment has been moderated because it violates the OWASP MAS contribution guidelines. As stated in our contribution rules, the project cannot be used as a platform for advertisement or unnecessary self-promotion of tools or services. Please refrain from referencing commercial products in this way. Technical contributions should remain vendor-neutral and focus on free and open-source approaches whenever possible. The OWASP MAS Team |
Beta Was this translation helpful? Give feedback.
-
|
We have shared our detailed response in the other discussion, including the updated MASVS-RESILIENCE description. Please refer to this comment for context. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
(This is a copy of one of the issue raised during the EU identity verification app controversy)
The EU Digital Markets Act (DMA) requires competition in app market places.
Safety Net/Google Play Integrity API and other such hardware attestation apis are but a way to subvert the EU requirement to allow competition in app marketplaces by marking devices that follow this guideline as insecure and unattested.
All of these apis will return false if the app isn't installed via the "official store" or if they are installed on devices that have unapproved modifications on them, one common unapproved modification is to install unofficial app stores or to remove the official app store in favor of a another.
There is no morally, ethically, or legally justifiable usage of them.
Beta Was this translation helpful? Give feedback.
All reactions