India makes Aadhaar universal, but critics say security and privacy concerns remain

India is pushing Aadhaar, the world’s most popular digital identity system, into everyday privacy through a new app and offline authentication support, a move that raises new questions about security, consent, and the broader use of the database.

It was announced at the end of January by the Unique Identification Authority of India (UIDAI) supported by the government of India (UIDAI), these changes bring the new Aadhaar program along with an offline verification method that allows people to verify their identity without having to check the real-time data against the central Aadhaar database.

The program allows users to share limited information, such as verifying their age rather than revealing their full date of birth, with various services, such as hotels and housing agencies in workplaces, platforms, and payment devices, while the existing Aadhaar program continues to function in the same way to date.

Along with this new app, UIDAI is also expanding Aadhaar channels in mobile wallets, and upcoming integration with Google Wallet and discussions are underway to enable similar functionality in Apple Wallet, in addition to the existing support for Samsung Wallet.

Indian authorities are also promoting the use of the app in policing and hospitality. Ahmedabad City Crime Branch has become the first police unit in India to integrate online Aadhaar verification with PATHIK, a visitor tracking platform launched by the police department, targeting hotels and lodges to record visitor information.

UIDAI has also introduced the new Aadhaar system as a digital travel card in meetings and networks, allowing users to share personal information via QR code.

Officials at the event in New Delhi said the latest efforts are part of a larger effort to replace photocopies and manual ID checks and verify admissions, offline. The move, he argued, aims to give users more control over what they want to share, and enable authentication at a large scale without asking for central Aadhaar credentials.

Initial planning on a large scale

When the UIDAI launched the new Aadhaar app last month, it was being tested from as early as 2025. Estimates from Appfigures show that the app, which appeared in app stores in late 2025, quickly overtook the old mAadhaar app in monthly downloads.

Monthly cumulative installations of Aadhaar-linked applications rose from 2 million in October to nearly 9 million in December.

The new program is being put on top of the already existing data based on the demographics of India. Figures published on Public dashboard of UIDAI point out that Aadhaar has issued more than 1.4 billion numbers and processes about 2.5 billion transactions every month, including billions of electronic “know your customers” transactions since its inception.

The evolution of online authentication is not a replacement for this development as much as an extension, moving Aadhaar from a background verification tool to a more visible and everyday feature.

While launching the program, UIDAI officials said that the move to online authentication is aimed at addressing the risks that have existed for some time. linked to physical photographs and photographs of Aadhaar documentswhich are often collected, stored, and distributed with little supervision.

The increase comes at a time of regulatory change, reduce restrictionsand a new framework (PDF), with UIDAI now allowing other public and private sector organizations to verify Aadhaar information without consulting a central database.

Acknowledgment, accountability, and insurmountable risks

Human rights and digital liberties groups say the legislative changes do not address the deep-rooted threats to Aadhaar.

Raman Jit Singh Chima, global general counsel and head of Asia Pacific strategy at Access Now, said the expansion of Aadhaar to offline and private services poses new threats, especially at a time when Data protection in India still being installed.

Mr Chima questioned the timing, saying the government should have waited for India’s Data Protection Commission to be set up first, allowing for independent review and wider consultation with affected people.

“The fact that this has progressed so far seems to indicate a desire to continue to expand the use of Aadhaar, although it is not clear what other risks the system may pose, and more to Indians,” Chima told TechCrunch.

Indian law enforcement groups also point to unresolved implementation failures.

Prasanth Sugathan, legal director of New Delhi-based digital rights group SFLC.in, said that while the UIDAI launched the program as a tool to help citizens, it does little to address ongoing problems, such as errors in the Aadhaar database, protection is overand poor management practices, which have had a significant impact on vulnerable populations.

He also mentioned a 2022 report and the Comptroller and Auditor General of India, who found UIDAI had failed to meet certain standards.

“Such stories can often cause people to lose their jobs, especially those who are supposed to benefit from these systems,” Sugathan told TechCrunch, adding that it is still unclear how the data shared through the new program will be prevented. breach or leak.

Campaigners associated with Rethink Aadhaar, a development campaign that focuses on Aadhaar-related rights and accountability, say the offline authentication system risks reintroducing private sector use of Aadhaar in ways that the Supreme Court has already banned.

Shruti Narayan and John Simte of the group said it would help private sector organizations rely on Aadhaar regularly to ensure “Aadhaar creep”, and improve its use in economic and financial life. 2018 judgment which violated laws that allow private actors to use Aadhaar to verify identity. They warned that consent in such cases would be false, especially in situations involving hotels, housing agencies, or delivery workers, where India’s data protection law. it remains untested.

Together, the new program, legal changes, and expanding ecosystem are moving Aadhaar from background information to a visible part of everyday life that is increasingly difficult to obtain. As India expands on Aadhaar, governments and tech companies are watching, lured by the promise of a population check.

India’s IT ministry and the UIDAI CEO did not respond to requests for comment.