Crypto Games
  • Crypto Games
    • News
    • Presales
    • Airdrops & Giveaways
    • Tournaments & Events
    • Reviews
    • Guides
    • Editorials
  • Reviews
  • Others
    • Blockchains
      • News
    • Dapps
    • Press Release
  • Regular Games
Reading: The EU's New Age Verification App Got Bypassed in Under 2 Minutes
Share
Telegram News
Crypto Games Crypto Games
Font ResizerAa
  • Crypto Games
  • Reviews
  • Others
  • Regular Games
Search
  • Crypto Games
    • News
    • Presales
    • Airdrops & Giveaways
    • Tournaments & Events
    • Reviews
    • Guides
    • Editorials
  • Reviews
  • Others
    • Blockchains
    • Dapps
    • Press Release
  • Regular Games
Follow US
Copyright © 2026 CryptoGames.GG. All Rights Reserved.
Crypto Games > Blog > Technology > The EU’s New Age Verification App Got Bypassed in Under 2 Minutes
Technology

The EU’s New Age Verification App Got Bypassed in Under 2 Minutes

Staycalm4now By Staycalm4now - Owner Last updated: April 18, 2026 4 Min Read
We may include affiliate links in our content, meaning we could earn a commission—or receive blockchain-based assets—if you click a link and make a purchase or take a specific action. Additionally, we use generative AI to help draft and refine our posts for clarity and grammar. All content is fact-checked and reviewed by a human editor before publication.
The EU's New Age Verification App Got Bypassed in Under 2 Minutes
SHARE

The European Commission launched its age verification app on April 14, calling it a privacy-first tool built to the “highest standards.” Three days later, a security researcher cracked it open with a basic file edit on an Android phone.

Paul Moore, a UK-based security consultant, posted a screen recording on X showing the full bypass from start to finish. The whole thing took less than two minutes.

How the hack works

Ad image Ad image

The app asks users to create a PIN during setup. It encrypts that PIN and saves it in the shared_prefs directory on the device. Moore identified two fundamental problems with this approach.

First, the PIN shouldn’t be stored locally at all. Second, and more critically, the encrypted PIN isn’t cryptographically tied to the vault that holds the user’s actual identity data. Those two things exist independently of each other.

That means an attacker with physical access to the device can delete the PinEnc and PinIV values from the shared_prefs file, restart the app and set a new PIN. When the app relaunches, it presents the original user’s credentials under the new PIN and treats them as valid.

It doesn’t stop there

Moore flagged additional flaws in the same configuration file. The app’s rate limiting, which is supposed to lock users out after too many failed PIN attempts, is just an incrementing number stored in the config. Reset it to zero and keep trying. Biometric authentication is controlled by a single boolean value called “UseBiometricAuth.” Set it to false and the app skips that step entirely.

Security experts on X questioned why the app doesn’t use the secure enclave hardware available on modern smartphones, relying instead on editable software-level files.

It's not easy to visualize the relay attack against the #EU #AgeVerification app from a user's perspective, so here it is.

Even if the app works exactly as designed, the website & verification process is entirely decoupled & 'anonymous'

The architecture assumes you'll send the… https://t.co/o4f5CPFPey pic.twitter.com/JUIhyIrdWw

— Paul Moore – Security Consultant  (@Paul_Reviews) April 17, 2026

A prototype with real consequences

The app was built as a prototype for the broader European Digital Identity Wallet system. Six EU member states, including France, Spain and Denmark, are currently piloting it. Commission President Ursula von der Leyen praised it as “technically ready” and highlighted its open-source code as a transparency feature.

That transparency worked against the Commission. Moore’s video has racked up more than 2.6 million views. Over 405 security researchers had already signed an open letter warning that age verification laws reduce privacy and increase surveillance risks before the app even launched.

A separate architectural flaw discovered in March found that the app’s issuer component can’t verify whether passport validation occurred on the user’s device at all.

Moore addressed von der Leyen directly, warning that “this product will be the catalyst for an enormous breach at some point it’s just a matter of time.”

Telegram‘s Durov weighs in

Telegram founder Pavel Durov called the app “hackable by design,” arguing that its core mistake is blindly trusting the user’s device. He went further, suggesting the EU might use future breaches as justification to strip away the app’s privacy features and expand it into a broader surveillance tool.

The European Commission has not issued a patch or public response to the disclosed vulnerabilities as of April 18, 2026.

You Might Also Like

Enjin Blockchain Sentosa Upgrade Launching in December

The PS6 Might Not Show Up Until 2029, and RAM Prices Are Part of the Reason

XOCIETY Unveils Early Season 2 Updates Amid Rising Competitive Tensions

Bored Ape NFT lawsuit resolves with settlement, impacting crypto community

Providence Launches Community Token Sign

TAGGED:AllEU
Share This Article
Facebook X Whatsapp Whatsapp Reddit Telegram Copy Link Print
Share
By Staycalm4now
Owner
Follow:
George Tsagkarakis, known as Staycalm4now is a professional author in the crypto gaming industry since early 2018. He has experienced all the growth of Blockchain Gaming and helped multiple projects achieve their goals and established a player base. He is the co-founder of egamers.io and now the Founder and owner of CryptoGames.gg He is also the COO of MyStage, an AI x Crypto Startup.
Previous Article Nvidia's CEO Says AI Will Create More Jobs Than It Kills, but There's a Catch Nvidia’s CEO Says AI Will Create More Jobs Than It Kills, but There’s a Catch
Next Article Gala Games relaunches Legends & Dragons on iOS and Android Gala Games relaunches Legends & Dragons on iOS and Android
Leave a Comment
Subscribe
Login
Notify of
Please login to comment
0 Comments
Oldest
Newest Most Voted
FacebookLike
XFollow
YoutubeSubscribe
TiktokFollow
TelegramFollow

Stay Updated

Join our telegram Channel and stay in the loop with the most important news.
Latest News
Origins TCG opens free Steam demo, routes card trading through Valve's marketplace
Origins TCG opens free Steam demo, routes card trading through Valve's marketplace
July 18, 2026
MapleStory N closes Hyper Summer with Will boss fight on July 23
MapleStory N closes Hyper Summer with Will boss fight on July 23
July 18, 2026
Khuga Bash opens $5,000 Potatoz Invasion event in Memeland crossover
Khuga Bash opens $5,000 Potatoz Invasion event in Memeland crossover
July 18, 2026
Azuki quietly stands up studio.azuki, giving its anime venture a home
Azuki quietly stands up studio.azuki, giving its anime venture a home
July 18, 2026
Digitoys puts its digital toy collection on iOS with new app
Digitoys puts its digital toy collection on iOS with new app
July 18, 2026
Star Atlas launches SAGE C4 Phase Two featuring Combat V2 and Nemesis Engine.
Star Atlas launches SAGE C4 Phase Two featuring Combat V2 and Nemesis Engine.
July 17, 2026
Chainers overhauls reward pools and introduces Tier 4 with quadrupled CFB payouts
Chainers overhauls reward pools and introduces Tier 4 with quadrupled CFB payouts
July 17, 2026
Off The Grid offers 50 percent bonus XP for accounts and Battle Pass this weekend
Off The Grid offers 50 percent bonus XP for accounts and Battle Pass this weekend
July 17, 2026

You Might Also Like

Kick Off with Football.Fun: Score Your Founders Pack in Tournament Sale 2.1!
Crypto GamesNews

Football.Fun Launches Tournament Entry with Founders Pack Sale 2.1

5 Min Read
The Sandbox to Unveil SANDchain Token Launchpad on October 1
Crypto GamesNews

The Sandbox to Unveil SANDchain Token Launchpad on October 1

3 Min Read
Animoca stock launches on Solana through Republic platform.
Crypto GamesNews

Animoca stock launches on Solana through Republic platform.

3 Min Read
Splinterlands launches Meredrool Archon and 30-day battle cycle
Crypto GamesNews

Splinterlands Launches Meredrool Archon and 30-Day Battle Cycle

4 Min Read

Always Stay Up to Date

Subscribe to our newsletter to get our newest articles instantly!
[mc4wp_form]
Crypto Games GG Logo. Crypto Games GG Logo.

CryptoGames.GG is a Crypto Games List and News Portal.

We share valuable information about Play To Earn Games and Other Web3 Projects.

While CryptoGames.GG uses AI to produce and draft content; every piece of information is fact-checked by a human, reviewed, and edited as needed.

News

  • Crypto Games
    • News
    • Presales
    • Airdrops & Giveaways
    • Tournaments & Events
    • Reviews
    • Guides
    • Editorials
  • Reviews
  • Others
    • Blockchains
      • News
    • Dapps
    • Press Release
  • Regular Games

The Boring Stuff

  • About Us
  • RSS Feeds
  • Contact
  • Disclaimer
  • Terms and Conditions
  • Privacy Policy
  • Review Process Statement

Join Our New Telegram Group

Discover the most importa news, from presales to giveaways and game updates.
Join Now
2026 CryptoGames.GG All Rights Reserved
wpDiscuz
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?