New version of EU age verification app to follow biometrics bypass, exposure claims

A new version of the “technically ready” EU age verification app released on Wednesday is expected any time, an official said after commentators online claimed to have discovered privacy and security vulnerabilities in it. Independent developers claimed the vulnerabilities could expose sensitive data stored on user’s devices, including biometrics, and also allow users to bypass the app’s biometric authentication features, a white hat hacker told Politico.

The European Commission unveiled the app as ready but not yet available to the public. The developers behind the app, Scytáles and T-Systems, presented it to the age assurance community at the Global Age Assurance Standards Summit. Almost immediately, reports of vulnerabilities from security analysts and began appearing on social media.

“DG Connect and the contractor have taken immediate steps,” said EC Digital Spokesperson Thomas Regnier following the revelations. “A new version has just or will soon today be updated. So this is what I mentioned, the code will be constantly updated and improved. It’s open source, and I cannot today exclude or prejudge if further updates will be required or not.”

Regnier characterized the latest version of the app’s open source code found on GitHub as a demo version. He emphasized that the age verification app’s developers are listening to feedback, and that in the long term it will meet the “highest privacy standards globally.”

Article Topics

age verification  |  authentication  |  biometrics  |  data privacy  |  digital ID  |  EU age verification  |  Europe