Overview
- Security consultants said they defeated the app in under two minutes by editing local files that store the PIN, a rate‑limit counter, and a switch for biometrics.
- Researchers reported that passport and selfie images used for setup were left unencrypted on the phone, raising theft and misuse risks.
- Analysts warned the design allows relay attacks that let a remote device vouch for age, which proves someone is adult without linking to the person at the keyboard.
- The European Commission called the published build a demo and said issues were fixed or will be fixed, while declining to set a public launch date.
- Privacy groups and more than 400 researchers had urged caution, saying age checks tied to IDs can create new targets for hackers and pressure platforms into brittle compliance.