Which was the motivation for cryptographically attesting the boot process and OS, and in part paved the way for app attestation.

There are alternatives though: The Android Hardware Attestation API enables attestation on custom ROMs, but the attestation verifier needs a list of hashes for all "acceptable" ROMs. GrapheneOS publishes these but there's nobody, to my knowledge, maintaining a community list.

I said the title is misleading, which it is.

Your argument that app attestation should be avoided because big tech company can withhold it is garbage. It holds no water. They can cut off access to the app in general by removing it from the app stores and the devices that have it installed.

American big tech has Europe in a stranglehold, I agree with your sentiment there.

eIDAS can be used with the ID reader on Linux even, there's no lock out. They want to offer a convenient alternative for the normies, in a secure manner, I don't mind.

Edit: my 70 y/o mother even eIDAS authenticates (not germany, other EU country) on Linux Mint. There's no argument for lockout in my anecdotal perspective.

App attestation can fail on simulators, Graphene OS, dev builds, I've seen it all. There is one check you can do to see if an app was side loaded, so indirectly, can require Google account.

Title is still misleading though, as it explicitly mentions accounts.

But in pure technical & UX terms, you don't need to be logged in.

Play Integrity could the worst offender here, as it can be leveraged to force a user to have installed the app through the Play Store. Indirectly, requiring a Google account.

App attestation does not require an Apple account nor a google account. For Android, it does limit the ROMs to Google certified ones and requires GMS to be installed if Play Integrity is used. An alternative option, would be to use the Hardware Attestation API directly, GrapheneOS would be thanking you.

I've spent a good amount of time implementing exactly this type of system for a backup service.

his document specifies a way to cryptographically attest the integrity of a HTTP request hitting a server.

The attestation proves the request came from a device and attest the legitimacy of the bootloader, OS and app.

Google and Apple are in a privileged position to be able to bypass the app attestation though, so depending on the threat model, it's not bulletproof.

edit: Play Integrity could the worst offender here, as it can be leveraged to force a user to have installed the app through the Play Store. Indirectly, requiring a Google account.