EU Age Control app analyzed as potential digital ID trojan horse

Original: EU Age Control: The trojan horse for digital IDs

Why This Matters

Reveals potential infrastructure for digital ID systems disguised as privacy-focused age verification.

A technical analysis of the EU's age verification reference app reveals gaps between its marketed privacy features and the actual implementation. The system allows fallbacks to standard KYC providers and has cryptographic weaknesses.

A detailed technical examination of the EU Age Control reference app shows significant discrepancies between its privacy-preserving marketing and its actual functionality. The analysis identifies three key concerns. First, platforms can bypass the privacy-focused wallet system by using standard KYC providers under DSA fallback rules. Second, Google and Apple control which software can run the attestation system on phones. Third, the implemented cryptography differs from the marketing claims: unlinkability depends on wallet behavior rather than on mathematical guarantees. The system is also vulnerable to relay attacks that the protocol cannot prevent. Documentation changes show that the project evolved from a direct implementation to a 'reference toolbox' for Member States, with disclaimers about production readiness quietly removed in July 2025 updates.

Source

juraj.bednar.io