@vapeloki The issue is, once again, not that the app allows you to bypass age verification or anything with how countries implement it. It’s that the app makes it extremely easy to get the data and spoof someone else, while claiming it’s secure and privacy focused while it is not.
A prectical example would be :
- Someone steals my phone
- They can access the app as they can bypass the PIN
- They can appear and act as myself on any platform that will use the system to verify
No matter how countries implement it or how the app is still “in development”, I’m just saying that this current implementation is insecure and can be very easily hacked besides what is being said on the public spaces like the dedicated website and the twitter account of the president of the EU commission.
I will probably stop replying to this thread now as you keep telling me the same arguments and even when I demonstrate how I disagree with them, you keep repeating the same ones so I’ll just stop wasting my time

@vapeloki I really don’t get what you say with “there is no app”. The repo is literally called " age verification Android application". It’s not an SDK
Also, why shouldn’t it matter what Ursula said?The part of the readme you linked me mentions “In particular, any national-specific enrolment procedures must be implemented by the respective Member States or publishing parties”. This does not relate to the security of how data is stored.

“The current version is not feature complete”, well, it’s not what I’m complaining about. The thing is the feature that are there are not well made and use an approach that don’t focus on security and privacy.

Yes it’s a demo but if they want people to base their implementation based on that, then every implemenation will be faulty. A demo is meant to DEMOnstrate how it’s done. It never says anywhere it’s a prototype and if it was so, they wouldn’t brag about top notch security on their web page.

But anyways, you probably won’t change your mind.

@vapeloki From Ursula von der Leyen on Twitter, april 15th :
“The European Age Verification App is ready”
“Our app ticks all the boxes.
✅ Highest privacy standards in the world
[…]”

The GitHub readme note was added on april 17th, so after the backlash. I guess that means they are aware they need to update stuff, at least, but again it shows how they thought the app was good to go and production ready while it clearly was not.

Obviously Ursula von der Leyen is not a developer of the app so at some point she must have been told by the developers that the app was ready, then people saw it wasn’t so they added the note to the GitHub readme. That’s how I think things went.

@vapeloki While this is a prototype release, yes, it shows they don’t have user privacy at the core of their product despite what the branding seems to imply.

Usually prototypes comes with missing features, but right now the features are in a state with fundamental security flaws and they’d almost need to rebuild a whole app to fix that. Usually a prototype is to prove that a concept works, not how insecure it is.

Also, besides that, the president of the EU commission publicly stated that the app is production ready with the world’s best security standards. See https://xcancel.com/vonderleyen/status/2044340323120193595#m . I don’t think this would get posted if they thought that the app’s security infrastructure was broken and that this is just a prototype 🫤