Your data. Your choice.

If you select «Essential cookies only», we’ll use cookies and similar technologies to collect information about your device and how you use our website. We need this information to allow you to log in securely and use basic functions such as the shopping cart.

By accepting all cookies, you’re allowing us to use this data to show you personalised offers, improve our website, and display targeted adverts on our website and on other websites or apps. Some data may also be shared with third parties and advertising partners as part of this process.

Legal noticePrivacy notice
Jan Johannsen
News + Trends
161

Banking, Wallet and NFC payment: alternative operating systems want to break away from Google

Jan Johannsen
9/3/2026
Translation: machine translated

Google-free Android versions offer more data protection, but Google can exclude them from functions such as banking apps, digital wallets or NFC payments. A new standard aims to change this.

Multiple suppliers of Google-free operating systems have joined forces to create a new standard. This standard is intended to provide proof of security requirements for sensitive apps. For example, for banking, proof of identity or digital wallets.

New standard against Google as gatekeeper

With Volla, Apostrophy, Iodé and /e/OS - more precisely the e.foundation and Murena - several suppliers have joined forces. They want to create a new security standard that enables their devices to run very sensitive applications.

The consortium members' offerings are based on the Android Open Source Project (AOSP). Other Google-free operating systems should also be able to use the new standard. Other - unnamed - manufacturers from Europe and Asia are said to have expressed their interest.

Smartphones should be able to prove their security even without Google.
Smartphones should be able to prove their security even without Google.
Source: Volla

The current global political situation could accelerate support from European politicians. Publishers of government apps in Scandinavia are already looking into whether they can use the new process, Volla reports in a press release.

Google Play Integrity as a problem

«Google Play Integrity» is the name of the service for Android that tells developers whether an app is running on a device with certain security requirements. Only devices with a direct Google connection receive the highest of the three security levels.

Alternative operating systems such as /e/OS, Apostrophy or GrapheneOS can therefore not prove that they fulfil all the requirements of an application. They have to do without important apps and convenient functions such as mobile payment or digital tickets.

UnifiedAttestation as a transparent and secure solution

Work on the new standard has begun under the project name «UnifiedAttestation». Its modular architecture comprises three central elements:

  • an operating system service that can be integrated into an app with just a few lines of code and indicates whether the operating system fulfils the required security requirements
  • a decentralised validation service for checking the validity of operating system certificates
  • an open test suite
The new standard should also bring digital ID cards to devices.
The new standard should also bring digital ID cards to devices.
Source: Volla

The consortium members test and certify each other's smartphones and tablets in a peer review process. This is intended to create transparency and trust. The software is to be published open source under the Apache 2.0 licence - commercial use is therefore free of charge.

Practical use is still a long way off

The project is still in its infancy: technical implementation has only just begun and there is no public timetable. Even when the system is in place, publishers will still have to adapt their apps. It will therefore be some time before banking apps can be used under /e/OS or boarding passes under Iodé.

Supplement: GrapheneOS is not included

GrapheneOS has commented on UnitedAttestation on Bluesky, among others. For them, the project is not a solution to the problem of Google Play Integrity. In their opinion, it only replaces the Google bouncer with a European bouncer that monitors which operating system people install. This would not increase security. The EU should rather ban attestation completely.

Instead, the hardware should be able to identify itself as worthy for applications with sensitive data - such as via the «Auditor App» from GrapheneOS. However, this would require governments and banks to define standards that must be adhered to. It must also be ensured that even the smallest projects can be certified at no cost.

Header image: Jan Johannsen

16 people like this article

User Avatar
User Avatar
Jan Johannsen
Senior Editor
Jan.Johannsen@galaxus.de

As a primary school pupil, I used to sit in a friend's living room with many of my classmates to play the Super NES. Now I get my hands on the latest technology and test it for you. In recent years at Curved, Computer Bild and Netzwelt, now at Digitec and Galaxus. 

News + Trends

From the latest iPhone to the return of 80s fashion. The editorial team will help you make sense of it all.

Show all

These articles might also interest you

  • News + Trends

    Google lowers Play Store fees: What's really behind the change of course?

    by Luca Fontana

  • News + Trends

    Swiss innovation: switch between two mobile systems at the touch of a button

    by Lorenz Keller

  • News + Trends

    Secure Android without Google: Motorola collaborates with GrapheneOS

    by Jan Johannsen

1 comment

Avatar
later