Even the Aadhaar app is not safe. According to French security researcher Robert Baptiste, UIDAI’s prestigious mAadhaar app, which lets users save a digital version of the 12-digit unique identity card, is vulnerable to a potential data breach. He explained the flaw in a one-minute video posted on Twitter.
According to the tweet, bad coding in the app is what allows an attacker to bypass its password mechanism.
“The main issue with the Aadhaar Android app is that if an attacker has a physical access to the device, he can easily bypass the password mechanism of the app,” tweeted Baptiste. The UIDAI, however, is planning to add a feature called Virtual-ID as an extra layer of security. It is not clear whether the new feature can resolve the issue.
Among other things, the mAadhaar app stores user password data (hash), notification, Ki value, electronic-Know Your Customer (e-KYC) profile data, Biometrics, Bio Lock Timeout and the App Configuration.
As a cybersecurity researcher explained, the e-KYC contains information such as “User Id, Aadhaar Id Name, date of birth, gender, address, and photo. UIDAI stores these biometric data in the user’s phone and if the phone is compromised so is the information”.
In January, Baptiste pointed out four major flaws caused by bad coding of the mAadhaar app in a series of tweets. These issues were later fixed when UIDAI released an update to the app. The mAadhaar app can be used as an alternate ID proof, so one does not need to carry a physical copy of the document.
The app has also been useful in other ways: it lets users carry their Aadhaar number with demographic details, provides secure biometric authentication, generates a Time-based One-Time Password (TOTP) instead of an SMS-based OTP, allows Aadhaar details to be updated, and shares a QR code and password-protected eKYC (Electronic Know Your Customer) data to retrieve accurate demographic information.