The European Commission introduced its age verification app with strong claims. Ursula von der Leyen said users could prove their age without sharing extra personal data. She said the app met the highest privacy standards, blocked tracking, and was fully open source. She also said it was ready for use. The message was clear: platforms could no longer claim that safe age checks were not possible.
Those claims did not last long.
The Rapid Deconstruction of Trust in Digital Identity
Within a day, a public demo showed how to bypass the app. The process was simple. The PIN that protects the stored credential could be skipped. The lockout feature could be reset. The biometric check could be turned off. After that, the app still produced a valid age credential. No special tools were needed. The demo was short and easy to follow.
That matters. When a skilled attacker breaks a system after months of work, it shows one kind of risk. When a basic walkthrough breaks it in hours, it points to weak design. It suggests the system was not ready for public use.
Other findings raised deeper concerns. The app’s handling of biometric data during scans showed clear gaps. When a user scanned an ID with NFC, the app pulled the facial image from the chip. It saved that image to the device as a PNG file. The file was only deleted after a full and successful scan. If the scan failed, or the user stopped it, or the app crashed, the image could stay on the device.
The issue was worse for selfie capture. Those images were saved to external storage in the same format. They were not always deleted. That means sensitive biometric data could sit on a device without protection. Any app with storage access could read it. This risk does not go away just because the final credential is encrypted. If the source data leaks, the damage is already done.
These are not edge cases. Failed scans and app crashes happen often. A secure system must handle them with care. It must not leave traces of sensitive data behind. In this case, the app did not meet that basic standard.
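The cleanup gap described above, shown as an added illustration in Python (not code from the app or its repository): one function deletes the image only after a successful scan, the other removes it on every exit path, and a startup sweep covers hard crashes. All function names, file names and sample bytes are constructed for this example.

```python
import os
import tempfile

class ScanFailed(Exception):
    """Raised when the (simulated) ID scan does not complete."""

def process_scan(image_bytes, fail):
    # Stand-in for the chip read / face match; `fail` simulates an aborted scan.
    if fail:
        raise ScanFailed("scan aborted")
    return True

def scan_delete_on_success(workdir, image_bytes, fail=False):
    """Pattern described above: the file is removed only after a full scan."""
    path = os.path.join(workdir, "face.png")
    with open(path, "wb") as f:
        f.write(image_bytes)
    process_scan(image_bytes, fail)  # an exception here skips the cleanup below
    os.remove(path)
    return True

def scan_always_cleanup(workdir, image_bytes, fail=False):
    """Hardened form: owner-only file, removed on every exit path."""
    fd, path = tempfile.mkstemp(prefix="scan-", suffix=".png", dir=workdir)  # mode 0600
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(image_bytes)
        return process_scan(image_bytes, fail)
    finally:
        os.remove(path)

def sweep_leftovers(workdir):
    """Run at startup: a hard crash skips `finally`, so purge stale scan files."""
    removed = []
    for name in sorted(os.listdir(workdir)):
        if name.endswith(".png"):
            os.remove(os.path.join(workdir, name))
            removed.append(name)
    return removed

def leftovers_after_failed_scan(scan_fn):
    """Run one failing scan in a fresh directory and list what stays on disk."""
    with tempfile.TemporaryDirectory() as workdir:
        try:
            scan_fn(workdir, b"\x89PNG constructed sample bytes", fail=True)
        except ScanFailed:
            pass
        return os.listdir(workdir)
```

Keeping the image in memory avoids the file entirely; where a file is unavoidable, it belongs in app-private storage rather than shared external storage.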
Security, Scrutiny, and the Ethics of Age Verification
The gap between the claims and the reality is hard to ignore. The Commission did not present the app as a test build. It did not say it needed more work. It said the app was finished, private, and ready. That set a high bar. The early findings show the app did not meet it.
Child safety was a key part of the launch message. That framing carries weight. It makes it easier to push new systems into use. But it does not fix weak security. An app that fails basic checks does not become safe because it aims to protect children. If anything, the stakes are higher. Systems tied to identity and age must work well from the start.
There is also a wider issue. Tools like this can shift what people accept as normal. If age checks tied to ID and biometrics become common, they change how people access online services. That shift may happen without full debate if the tools are seen as safe by default.
The app was meant to show that privacy-friendly age checks are possible at scale. The early break and the data handling flaws suggest a different story. They show that the bar for “ready” may have been set too low.
None of this means age verification cannot be done well. It can. But it needs strong design, careful testing, and honest claims. It needs systems that protect data at every step, not just at the end. It also needs time. Rushing a tool into use, even with good intent, can create new risks.
The lesson here is simple. Bold claims invite close scrutiny. If a system handles identity and biometrics, it must earn trust through solid engineering. Clear language cannot replace that work.




