India Drops Proposal to Require Biometric ID App After Strong Opposition

Reuters reports that the Indian government has decided it won’t go through with a proposal to require operating systems to preinstall the biometric ID app Aadhaar.

The Aadhaar app is a unique number tied to an individual’s iris and fingerprint scans, used for verification purposes such as in banking or telecom services. It’s used by nearly 1.34 billion Indians.

Back in January, UIDAI, the state body in charge of Aadhaar, asked the IT ministry to work with Apple, Google, and other smartphone manufacturers on the possibility of mandating pre-installing the Aadhaar app.

The IT ministry gave Reuters no reason as to why they decided against the proposal.

Reportedly, this was the sixth time in only two years that the Indian government sought requiring some kind of pre-installed state software on smartphones. Each one was heavily opposed by smartphone manufacturers.

Smartphone makers flagged concerns about device security and compatibility when they received the Aadhaar preload proposal, and also flagged higher production costs as they ‌would have ⁠been required to run separate manufacturing lines for India and export markets, according to documents reviewed by Reuters.

Further, an anonymous senior Indian official told Reuters that the IT ministry is “not supportive of any preloading of apps.”

With no support from the IT ministry or any device manufacturers, it’s no surprise the proposal died.

Apar Gupta, founder of the New Delhi-based digital advocacy group the Internet Freedom Foundation, welcomed the news, saying “hopefully it is a welcome exercise of regulatory restraint that recognises that citizens carry their phones as ​extensions of their autonomy, not as vessels for government order.”

With the ongoing international push for age verification in so many countries these days, they’re scrambling for effective methods that aren’t easily bypassed.

Submitting photos of identification documents is both easy to forge and a huge privacy and security risk, with multiple cases now of people’s ID photos leaking online.

Some companies try to solve this with digital scans of your face to prove your age, claiming that the scans aren’t sent anywhere. However, the technology can be easily bypassed and possibly leaked in data breaches, not to mention that giving websites camera access is never a good idea.

A digital ID is a solution many countries have landed on to fix these problems, supposedly being both privacy-preserving and difficult to bypass.

There are standards made by organizations like ISO and W3C that lay out how digital IDs and credential should work. Apple and Google support digital IDs in their digital wallet applications and support private age verification through the use of zero knowledge proofs

However, each country seems to want to make their own digital ID, each with their own quirks and security issues.

The EU recently announced that their digital ID was ready to launch. It was hacked in minutes.

The FIDO Alliance is working on making digital credentials more standardized and especially focussing on standardizing digital wallets, so embarrassing situations like this don’t happen again.