A leading cybersecurity researcher demonstrated how the European Union’s new age verification app can be bypassed in less than two minutes. The app, intended to restrict access to adult content, was shown to lack basic security measures. The expert highlighted that PIN codes are not linked to identity data and biometric images are stored unencrypted on devices. This raises serious privacy concerns and questions about the app’s readiness ahead of its planned rollout across EU member states.
The researcher, who requested anonymity, said the app’s design flaws make it vulnerable to exploitation. PIN codes, which should verify a user’s age, operate independently of identity verification systems. Biometric data, including facial scans, is stored locally without encryption, meaning the information could be accessed or manipulated by unauthorized parties. The expert warned that this violates fundamental data protection principles under the EU’s General Data Protection Regulation (GDPR).
EU officials had previously stated the app was ready for deployment. The agency responsible for the app, the European Digital Identity Framework team, has not yet responded to requests for comment. The app is part of a broader initiative to create a standardized digital identity system across the EU, aimed at reducing fraud and ensuring age-appropriate access to online services.
Privacy advocates have criticized the app’s security gaps. They argue that storing biometric data unencrypted on personal devices creates unnecessary risks. The researcher’s findings suggest the app may need significant revisions before it can be considered secure. The EU has not indicated whether the launch will be delayed to address these issues.
Source: itavisen.no