Ask Runable forDesign-Driven General AI AgentTry Runable For Free
Runable
Back to Blog
Technology10 min read

The EU’s age verification app has a privacy problem — and it may be more than just a 'bug in an app' | TechRadar

The European Commission promises its app is a secure and private solution to let citizens prove their age without exposing their sensitive data. While it's a...

TechnologyInnovationBest PracticesGuideTutorial
The EU’s age verification app has a privacy problem — and it may be more than just a 'bug in an app' | TechRadar
Listen to Article
0:00
0:00
0:00

The EU’s age verification app has a privacy problem — and it may be more than just a 'bug in an app' | Tech Radar

Overview

News, deals, reviews, guides and more on the newest computing gadgets

Start exploring exclusive deals, expert advice and more

Details

Unlock and manage exclusive Techradar member rewards.

The EU’s age verification app has a privacy problem — and it may be more than just a 'bug in an app'

It's an improvement compared to existing solutions, but security experts still aren't convinced

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

(Image credit: Photo by Dursun Aydemir/Anadolu via Getty Images)

Unlock instant access to exclusive member features.

Get full access to premium articles, exclusive features and a growing list of member rewards.

On April 15, the European Commission announced its age verification app was "technically ready." A week on, the app is already facing its first privacy and security hurdles — but the problem may go deeper than just one bug in the system.

President Ursula von der Leyen maintains there are "no more excuses" to delay mandatory age verification. Drawing on the framework of the COVID-19 certificate app, the Commission has built a template that EU member states are now expected to use for their own national applications.

The app is designed to be user-friendly across all devices while adhering to high privacy standards. Ideally, this will allow citizens to verify their age for restricted content without jeopardizing their most sensitive personal data.

The price to pay — This is why 400+ scientists are calling for a halt to mandatory age verification

Proton CEO warns global age verification push will mean "the death of anonymity online"

Australia 'Swiss cheese-like age verification' may lead to a VPN ban, and digital safety is at risk

"It is completely anonymous: users cannot be tracked," von der Leyen said, claiming that "users will prove their age without revealing any other personal information."

On paper, it's a welcome improvement over current age assurance methods, which often require scanning IDs or biometrics into third-party databases.

These systems have already proven vulnerable; for instance, a breach of a Discord third-party service previously exposed records of more than 70,000 users.

The app has attracted praise from some, with Alex Laurie, CTO of identity management firm Ping Identity, saying it represents "a step toward making decentralised identity a living reality."

However, others remain skeptical and a number of security experts have suggested the issue isn't just a bug or a flaw, but a fundematal issue with the entire approach.

One of the app's primary strengths is its open-source framework, which allows anyone with the necessary technical expertise to inspect the source code for vulnerabilities

Security consultant Paul Moore did exactly that following the Commission's announcement, claiming to have identified a critical flaw in under two minutes. Specifically, he found that the app stored sensitive data — including biometrics and photos — unencrypted on the device.

Discord users are furious about new age verification checks that are coming soon

'Trust me bro': Experts warn the UK's new digital ID approach lacks robust data protections

Australia’s age verification rules: Is a VPN ban on the horizon?

The European Commission claimed to have fixed the vulnerability in a new version released on April 17, as reported by Politico. However, Moore responded with a follow-up test of the updated app and found that it could be easily bypassed.

His verdict? It was still fundamentally flawed. "They've tried to solve a problem they don't truly understand... much like the concept itself," Moore wrote.

When contacted by Tech Radar, European Commission spokesperson Thomas Regnier said the Commission is "very open to feedback," adding that "we're of course ready to improve what can be improved."

Bypassing the #EU #age Verification app - part 2. This time, it's v 2026.04-2 - which won't run on rooted devices & has encrypted shared preferences. If we ignore the fact they've used a 6 year old deprecated library, they haven't actually solved the problem at all. An attacker… https://t.co/7PHMkeo Ba T pic.twitter.com/b 7H5TBBv Cr April 23, 2026

Bypassing the #EU #age Verification app - part 2. This time, it's v 2026.04-2 - which won't run on rooted devices & has encrypted shared preferences. If we ignore the fact they've used a 6 year old deprecated library, they haven't actually solved the problem at all. An attacker… https://t.co/7PHMkeo Ba T pic.twitter.com/b 7H5TBBv Cr April 23, 2026

Ping Identity’s Laurie argues that Moore's findings highlight a "classic honeypot risk," even when localized to a single device. According to the identity expert, the principle of data minimization under GDPR is non-negotiable.

"If an app fails to purge high-resolution passport scans or selfies after a crash or cancellation, it’s creating a toxic accumulation of unmanaged risk for the user," he told Tech Radar.

Laurie maintains, however, that a correctly implemented decentralized identity system could be a major breakthrough, precisely because it would allow users to prove their age without surrendering their entire digital identity to a third-party site.

Moore is less optimistic. While he acknowledges that the Commission is attempting to improve the app's security, he maintains that the primary issue isn't the application itself — it's the underlying framework.

"The concept simply doesn't work, even if the implementation were perfect," he told Tech Radar.

Most security experts agree on one crucial point: the EU’s age verification efforts may fail simply because the system remains easy to bypass

Echoing Moore's view, Bart Preneel — a Belgian cryptographer and professor at KU Leuven — warns against focusing solely on technicalities. He argues that the objections to the EU's initiative are "much more fundamental than a bug in an app."

"Technical flaws can be fixed, and then you can have the impression that the problem is fixed. But the real problem is that you roll out a technology that's not going to work," he told Tech Radar.

Both Preneel and Moore highlighted how Virtual Private Networks (VPNs) and other privacy tools may play in undermining the rollout of age verification measures.

Users could also create modified or fraudulent apps — mirroring the issues seen with fake COVID-19 certificates — but the wider concern is that strict verification may push younger users toward obscure, less-regulated platforms that are often even less secure.

In a rare shift, the app's technical security isn't the primary concern of the experts I spoke to. Instead, it's the underlying concept that cybersecurity specialists, data scientists, and cryptographers believe to be fundamentally flawed.

Preneel is particularly concerned about the "collateral damage" the app could cause — specifically the digital exclusion of individuals without official documentation, such as refugees or migrants.

Despite the Commission’s assurances, Preneel warns the system could lead to the end of anonymity online, potentially allowing governments "to unmask people who criticize them anonymously."

It's a concern shared by Proton CEO Andy Yen, who recently criticized the global push for age verification as a threat to fundamental digital rights.

The real problem is much more fundamental than a bug in an app Bart Preenel, Cryptographer

The real problem is much more fundamental than a bug in an app

Ultimately, Preneel — who was among 400+ scientists calling for a halt to age verification measures — views the issue as structural. While sold as a way to protect minors, he argues these verification mandates may create more problems than they solve.

Consequently, critics suggest the solution lies beyond technology

"Rather than enforcing regulations on the companies, we are putting rules on our own population, which is a very strange response," Preneel noted, suggesting that digital literacy and parental involvement are more effective tools for child safety.

The need to protect children online is real and demands a robust response. Whether a solution exists that can satisfy all stakeholders remains to be seen, but current expert sentiment suggests it is unlikely to be found in a single age verification app.

If such systems are the path governments choose, the focus must shift to ensuring they are implemented correctly. As the experts I’ve spoken to warn, the challenge now is to make sure we don't sleepwalk into a crisis larger than the one they intend to solve.

We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone using a VPN service to break the law or conduct illegal activities. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

Follow Tech Radar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life – wherever cybersecurity, markets, and politics tangle up. She believes an open, uncensored, and private internet is a basic human need and wants to use her knowledge of VPNs to help readers take back control. She writes news, interviews, and analysis on data privacy, online censorship, digital rights, tech policies, and security software, with a special focus on VPNs, for Tech Radar and Tech Radar Pro. Got a story, tip-off, or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

You must confirm your public display name before commenting

1 The EU’s age verification app has a privacy problem — and it may be more than just a 'bug in an app'

2 You can get an i Phone 17 on T-Mobile right now — and you don't even need to trade-in

3DJI Lito X1 vs DJI Mini 4K: 7 upgrades for DJI's 5-star beginner drone

4 China-nexus cyber actors' are turning routers and Io T infrastructure into covert botnets 'at scale' – NCSC, Five Eyes, and others warn of campaign involving Typhoon-designated groups

5 South of Midnight PS5 review: the Southern Gothic, folklore-fueled action-platformer casts captivating spells on Play Station 5

Tech Radar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

© Future US, Inc. Full 7th Floor, 130 West 42nd Street, New York, NY 10036.

Key Takeaways

  • News, deals, reviews, guides and more on the newest computing gadgets

  • Start exploring exclusive deals, expert advice and more

  • Unlock and manage exclusive Techradar member rewards

  • The EU’s age verification app has a privacy problem — and it may be more than just a 'bug in an app'

  • It's an improvement compared to existing solutions, but security experts still aren't convinced

Cut Costs with Runable

Cost savings are based on average monthly price per user for each app.

Which apps do you use?

Apps to replace

ChatGPTChatGPT
$20 / month
LovableLovable
$25 / month
Gamma AIGamma AI
$25 / month
HiggsFieldHiggsField
$49 / month
Leonardo AILeonardo AI
$12 / month
TOTAL$131 / month

Runable price = $9 / month

Saves $122 / month

Runable can save upto $1464 per year compared to the non-enterprise price of your apps.

Start saving with Runable todayContact us for any pricing questions