Two things stack here. The rejection is not really a bug. Many age-check flows lean on device attestation and Play Integrity style signals, so a de-Googled phone can read as "unverifiable" precisely because it refuses the telemetry the check wants. And the data side is worse than the lockout. Handing a vendor your face for an age estimate is handing over a credential you cannot reissue once their store leaks, and identity databases leak on a long enough timeline. The threat model people skip is not "will they reject me" but "who holds my biometric after they accept me, and under what breach assumption."
Two things stack here. The rejection is not really a bug. Many age-check flows lean on device attestation and Play Integrity style signals, so a de-Googled phone can read as "unverifiable" precisely because it refuses the telemetry the check wants. And the data side is worse than the lockout. Handing a vendor your face for an age estimate is handing over a credential you cannot reissue once their store leaks, and identity databases leak on a long enough timeline. The threat model people skip is not "will they reject me" but "who holds my biometric after they accept me, and under what breach assumption."