The European Commission spent more than a year, four million euros of the tendered budget, and considerable political capital building an app that would, in Ursula von der Leyen's words, meet "the highest standards of privacy available." It was open source, built on zero knowledge proofs, ready for member states to plug into their national digital wallets. Brussels unveiled it on 14 April with a press conference, a tagline about platforms having "no more excuses," and a video call between Emmanuel Macron, von der Leyen, Giorgia Meloni, Pedro Sánchez, and a dozen other European leaders to coordinate the political push behind it.
Less than 48 hours later, a UK security consultant named Paul Moore posted a screen recording on X showing him bypass the entire authentication system in under two minutes, using nothing more than a text editor on an Android phone.
He did not exploit a cryptographic weakness. He did not write malware. He opened a file named "shared_prefs", deleted two values labelled "PinEnc" and "PinIV", restarted the app and was prompted to set a new PIN, which then granted him full access to the original user's verified identity credentials. The same configuration file held a counter for rate limiting, which could be reset to zero to allow unlimited PIN guessing. It also held a boolean flag, "UseBiometricAuth", which could be flipped from "true" to "false" to disable fingerprint or face unlock entirely. Three locks, all of them stored in a file the user owns, all of them editable.
Moore's verdict, posted publicly: "Seriously, Von der Leyen, this product will be the catalyst for an enormous breach at some point. It's just a matter of time."
What Brussels actually built, and what it forgot
The app is the product of a €4 million tender awarded in February 2025 to a consortium called T-Scy, made up of Sweden's Scytáles AB and Deutsche Telekom's IT subsidiary T-Systems. Scytáles already holds the contract to build the reference implementation of the European Digital Identity Wallet, the much larger eIDAS 2.0 project that every member state must offer its citizens by the end of 2026. The age verification app was designed as a kind of bridge, a smaller, single-purpose tool to satisfy obligations under Article 28 of the Digital Services Act, which requires platforms accessible to minors to take appropriate measures to protect them.
The architecture, on paper, is genuinely interesting. A user loads a passport, national ID card, or bank-issued credential into the app once. From then on, when an online service asks whether the user is over 18, the app generates a cryptographic proof attesting only to that fact. No name, no date of birth, no document number leaves the device. This is the zero knowledge proof model, and it is one of the better cryptographic ideas to make it out of academic computer science in the last two decades. Done properly, it lets you prove a statement is true without revealing any information beyond the truth of the statement itself.
The Commission was so confident in this design that it released the source code on GitHub. Open source as a transparency feature, the launch material said. Anyone could verify the security claims for themselves.
That, of course, is what happened. Within hours of the code going live, researchers were pulling it apart. The flaws Moore found are not in the cryptography. The zero knowledge proof component, as far as the public review has gone, appears to do what it claims. The flaws are in the layer of code wrapped around it, the part that is supposed to make sure only the legitimate user of the device can invoke that cryptographic proof in the first place.
Storing a PIN encrypted in a file on the user's own device is, as Moore put it, a really poor design to begin with. The user controls the device. The user can read, modify, or delete any file the app writes. Encryption only helps if the key is held somewhere the user cannot reach, which on Android means the hardware-backed Keystore, and even then it only helps if the encrypted blob is cryptographically tied to whatever it is supposed to protect. In this app, it is not. The PIN file lives in "shared_prefs". The credentials live in a separate vault. Nothing in the vault checks whether the PIN file has been tampered with. Delete the PIN, the app shrugs, asks you to make a new one, and hands you the contents of the vault.
The biometric flag is worse. A boolean called "UseBiometricAuth" sitting in plain text in a config file, governing whether biometric authentication is required at all, is the kind of mistake a security review at a mid-sized bank would catch in the first hour. There are well-documented Android patterns for binding biometric authentication to keys in secure hardware. None of them involve a true/false toggle in user-writable storage. This is not an obscure failure mode. It is a textbook one.
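As an added illustration of the Android pattern the paragraph refers to (this is not the app's code, nor anything from the T-Scy consortium or the GitHub release), the vault is gated by an AES key in the hardware-backed Keystore that the OS refuses to use until the user has authenticated, so the ciphertext itself is the lock and no boolean in shared_prefs has any say. The alias VAULT_KEY_ALIAS, the function names and the callback shape are assumptions; it assumes API 30 or later and the androidx.biometric library.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import androidx.biometric.BiometricManager.Authenticators
import androidx.biometric.BiometricPrompt
import androidx.fragment.app.FragmentActivity
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

const val VAULT_KEY_ALIAS = "identity_vault_key" // assumed name, not from the app
// One-time setup. The AES key is generated inside the hardware-backed Keystore and never
// leaves it. setUserAuthenticationRequired(true) plus a timeout of 0 (API 30+) makes the OS
// authorise exactly one crypto operation per authentication; nothing in app storage controls it.
fun createVaultKey(): SecretKey {
    val spec = KeyGenParameterSpec.Builder(
            VAULT_KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setUserAuthenticationRequired(true)
        .setUserAuthenticationParameters(0,
            KeyProperties.AUTH_BIOMETRIC_STRONG or KeyProperties.AUTH_DEVICE_CREDENTIAL)
        .setInvalidatedByBiometricEnrollment(true) // enrolling a new finger invalidates the key
        .build()
    return KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
        .apply { init(spec) }.generateKey()
}

// Unlock path. The credentials exist only as AES-GCM ciphertext, so editing or deleting a
// preferences file gains nothing: plaintext comes only from doFinal() on a cipher the secure
// hardware has just authorised, and the GCM tag rejects a blob that was tampered with.
fun openVault(activity: FragmentActivity, iv: ByteArray, sealedVault: ByteArray,
              onOpened: (ByteArray) -> Unit) {
    val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.DECRYPT_MODE, ks.getKey(VAULT_KEY_ALIAS, null) as SecretKey, GCMParameterSpec(128, iv))
    val callback = object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
            val authorised = result.cryptoObject?.cipher ?: return
            onOpened(authorised.doFinal(sealedVault))
        }
    }
    val info = BiometricPrompt.PromptInfo.Builder().setTitle("Unlock identity vault")
        .setAllowedAuthenticators(Authenticators.BIOMETRIC_STRONG or Authenticators.DEVICE_CREDENTIAL)
        .build()
    BiometricPrompt(activity, activity.mainExecutor, callback)
        .authenticate(info, BiometricPrompt.CryptoObject(cipher))
}
```

Because the operating system throttles failed lock-screen and biometric attempts itself, this design also has no app-level attempt counter for an attacker to reset.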
A separate architectural flaw, surfaced in March by independent researchers studying earlier builds, makes the picture worse. The system, as designed, has no reliable way to confirm that the original passport or ID validation was performed on the actual user's device. A determined attacker can, in principle, generate valid age proofs on their own equipment and inject them into someone else's session. This is the kind of problem that tends to grow with deployment scale, not shrink.
┌─────────────────────────────────────────────────────────────────┐
│                     EU Age Verification App                     │
│                                                                 │
│  ┌──────────────────────┐         ┌─────────────────────────┐   │
│  │ shared_prefs file    │         │ Identity Vault          │   │
│  │ (USER WRITABLE)      │         │ (verified credentials)  │   │
│  │                      │         │                         │   │
│  │ PinEnc: <bytes>      │ ──X──   │ Passport data           │   │
│  │ PinIV: <bytes>       │   no    │ Age attestation         │   │
│  │ RateLimit: 3         │  link   │ Cryptographic keys      │   │
│  │ UseBiometricAuth:    │         │                         │   │
│  │   true               │         │                         │   │
│  └──────────────────────┘         └─────────────────────────┘   │
│             ▲                                                   │
│             │                                                   │
│  ┌──────────┴──────────────────────────────────────────────┐    │
│  │ Attacker with device access edits the file:             │    │
│  │  • Delete PinEnc + PinIV       → app prompts for new PIN │    │
│  │  • Reset RateLimit to 0        → unlimited guesses       │    │
│  │  • Set UseBiometricAuth false  → biometrics skipped      │    │
│  └─────────────────────────────────────────────────────────┘    │
└─────────────────────────────────────────────────────────────────┘
A political project meets a technical reality
The speed of the Commission's rollout is the part that has irritated the European Parliament most. Markéta Gregorová, the Czech Pirate MEP leading work on a new EU cybersecurity bill, told Politico that the process was being "rushed under political pressure." Birgit Sippel, the senior German Social Democrat on the civil liberties committee, called the result a "half-baked app solution that doesn't live up to the EU's own standards." Piotr Müller, a Polish MEP from the European Conservatives and Reformists, was blunter: "We cannot agree to the step-by-step creation of a Chinese-style internet in Europe."
This is a useful reminder that the criticism is not coming from a single ideological corner. Pirate, Social Democrat, conservative, all converge on the same complaint, which is that a piece of identity infrastructure intended to sit on the phones of hundreds of millions of Europeans was shipped before it was finished.
The political pressure Gregorová was referring to is not abstract. Macron convened a video conference of European leaders the day after the app launched. Von der Leyen attended, as did Meloni, Sánchez, and the heads of government of nine other member states. The official subject was children's safety online. The practical subject was building a coalition to make age verification, and by extension digital identity wallets, a default condition of European internet use. Macron has been particularly forceful, telling participants that a previous French experiment with parental consent had been ineffective and unfair and arguing that the responsibility must shift to platforms and governments. Seven member states, France, Spain, and Italy among them, have already committed to integrating the age verification function into their national digital identity wallets when those launch later this year.
Set against this enthusiasm is a body of expert opinion that has been building for months. In early March, an open letter signed by more than 400 security and privacy researchers from over 30 countries called for a moratorium on age verification deployments "until the scientific consensus settles on the benefits and harms that age-assurance technologies can bring and on the technical feasibility of such a deployment." The signatories, many of them the same cryptographers and privacy engineers whose work underpins technologies like zero knowledge proofs, are not arguing that protecting children online is unimportant. They are arguing that the current generation of age verification systems will not actually achieve it and will create new harms in the process.
One of those harms is concrete and already visible. When the United Kingdom's Online Safety Act came into force in July 2025, search interest in VPNs surged by an estimated 6,430 percent in the days that followed. Free VPN apps shot to the top of UK App Store charts. Some of those apps are operated by companies with no meaningful privacy practices, monetizing user traffic by selling browsing data or, in the worst cases, distributing malware. The age verification regime did not stop minors from accessing adult content. It pushed them toward worse infrastructure to get there.
The Australian experience tells a similar story. Canberra's social media ban for under-16s came into effect on 10 December 2025, with potential fines of up to AU$49.5 million for non-compliant platforms. Within hours, Australian teenagers were posting on TikTok itself about how they had bypassed it. The eSafety Commissioner instructed platforms to "stop under-16s from using VPNs" but offered no technical specification for how they should do so. Platforms have responded with a patchwork of IP blacklists, geolocation cross-checks, and behavioral signals like photo metadata. The result, as one University of Sydney researcher put it, is that the system was never going to work flawlessly, and it does not.
What makes the European approach different in theory, and what made the Commission so confident, is the privacy preservation built into the cryptography. A user does not have to upload their passport to a platform's server. The Discord breach in 2025, in which a third-party verification vendor leaked roughly 70,000 government-issued ID photos, is exactly the kind of incident the EU app was designed to make impossible. Zero knowledge proofs solve that problem elegantly. They cannot solve it if the wrapper around them lets an attacker reset the PIN by deleting a file.
The Commission's response, so far, has been muted. The app is described as a prototype and a reference implementation, language that allows for the position that the discovered flaws are precisely what an open source release is supposed to surface. This is true, technically. It is also true that von der Leyen, two days before Moore's video, told an audience in Brussels that the app was technically ready and met the highest privacy standards in the world. Both things cannot be correct at the same time. Either the launch communication overstated the maturity of the product, or the security community is wrong about what it found. The published code, available to anyone with a GitHub account, makes the second position difficult to defend.
The app was built under a two-year contract. Patching a fundamental architectural flaw in government-procured software is not a matter of pushing a hotfix. It involves reopening the procurement, coordinating with member states, conducting a security audit, and republishing through whatever review channels the Commission and the contractors have agreed on. Plan for months, not weeks. In the interim, France, Spain, Italy, and four other countries are preparing to integrate this same code into the national wallets that will, in some cases, become the default mechanism for proving identity online.
There is a version of this story in which the public review process worked exactly as intended. A flaw was found and will be fixed, and the next iteration will be stronger for it. Open source identity infrastructure is genuinely better than the closed alternative, and the principle that hundreds of researchers can pick apart the code of a system they will be required to use is, on its own terms, a democratic improvement on what came before.
There is another version in which a piece of critical national infrastructure was shipped before it was ready, in service of a political timeline driven by leaders who have decided that age verification is now the answer to a question about children and the internet that the technical community does not believe age verification can answer. In this version, the bypass Moore demonstrated is not an embarrassing teething problem. It is the predictable consequence of a process that was rushed, and the next breach will not be a security researcher posting a video on X for educational purposes.
When a security consultant can defeat your authentication system with a text editor in less time than it takes to make a coffee, the problem is not that the world has too many hackers. The problem is that you shipped.