hopefully the protocol is open source too. I'd hate to find that it just works on iOS and Google certified Android.

Should all be open, but I don't know for sure. Works with ungoogled android unless something changed.

https://github.com/Governikus/AusweisApp

That's very cool and good to hear. Thanks for sharing!

I think that ends up being a more difficult problem than just open source. There will have to be some cryptography at play to make sure the age verification information is actually attested by your government.

It would be possible for them to provide an open-source app, but design the cryptography in such a way that you couldn't deploy it anyway. That would make it rather pointless.

I too hope they design that into the system, which the danish authorities unfortunately don't have a good track record of doing.

And the reference implementation requires google play integrity attestation so you are forced to use a google approved device with google approved firmware and a google account to download the application in order to participate. Once this becomes implemented, you are no longer a citizen of the EU but a citizen of Google or Apple and a customer of the EU:

Quick google (on my phone, so not certain) says it works with microg as of August

Yeah, sorry I mixed up the old German Ausweisapp and the euID Reference App

How does the site verify that the ID being used for verification is the ID of the person that is actually using the account? How does the site verify that a valid ID was used at all?

If the app is open source, what stops someone from modifying it to always claim the user is over 18 without an ID?

Not that I understand it, but AFAIK that's cryptography doing it's thing.

And using someone else's Id and password is the same as every method of auth