EU Age‑Check App Hacked

The European Commission said its new age-check app was ready on April 15, then independent researchers said they could break key protections in about two minutes. (politico.eu) The app is meant to let people prove they are old enough for age-restricted sites without handing over their name or full ID details to the platform. The Commission says it is open source, built for use across the European Union, and tied to enforcement of the Digital Services Act. (digital-strategy.ec.europa.eu) European Commission President Ursula von der Leyen said on April 15 that the app was “technically ready” and would be available soon. Two days later, Commission officials said they were issuing a new version after developers flagged vulnerabilities in code published on GitHub. (commission.europa.eu) (rte.ie) Researchers told Politico the published build stored sensitive data on a phone without protection and could let someone bypass biometric checks such as a PIN or Touch ID. Cryptography researcher Olivier Blazy said a minor could use an adult’s unlocked phone to pass the check. (politico.eu) The Commission said the code under attack was a demo version released for testing and development, not the final product for citizens. Spokesperson Thomas Regnier said the app was not yet available to download and that the code would be “constantly updated and improved.” (politico.eu) (rte.ie) The push comes as France and other European countries press for stricter limits on children’s access to social media and adult content. The Commission has pitched the app as a common tool member states can plug into national systems instead of relying on simple “I am over 18” pop-ups. (rte.ie) (digital-strategy.ec.europa.eu) The technical model is a “mini-wallet,” a stripped-down digital ID app that is supposed to answer one question — are you above a set age — without exposing the rest of your identity. The Commission says it is built on the same framework as the European Digital Identity Wallet due by the end of 2026. (digital-strategy.ec.europa.eu) Privacy groups say the security bugs are only part of the dispute. The Center for Democracy and Technology said on April 15 that wide-scale age checks can create risks for anonymity, free expression, undocumented children, journalists, and people in exile if safeguards are weak or unclear. (cdt.org) The Commission says the opposite: users will be able to prove they are above a certain age, share no extra personal information, and avoid activity tracking. That promise is now being tested in public, in the app’s code, before the app reaches phones. (digital-strategy.ec.europa.eu)