India is accelerating the spread of Aadhaar into everyday life with a new identity app and an offline verification framework that removes the need for real-time checks against the central database. The push, led by the Unique Identification Authority of India, aims to make ID verification simpler and faster for citizens and businesses—but it is also rekindling long-standing worries about security, consent, and lawful use in the private sector.
Officials frame the rollout as a move toward privacy-by-design: share only what’s needed, prove who you are without handing over a photocopy, and do it even when connectivity is spotty. Civil liberties groups counter that, without robust guardrails, the shift could harden Aadhaar’s role as a universal passkey and create fresh avenues for misuse.
What the New Aadhaar App Changes for Users
The new Aadhaar app adds granular, consent-based sharing—think confirming you are over 18 without disclosing a full birthdate—and packages the data in digitally signed formats for offline checks. A scannable QR code can function as a “digital visiting card,” letting users selectively share identity details at hotels, housing societies, offices, or delivery gates.
UIDAI is also pushing integrations that make Aadhaar more omnipresent across devices and venues. The authority says Aadhaar credentials are live on Samsung Wallet, with support planned for Google Wallet and discussions underway for Apple Wallet, putting biometric-linked IDs a tap away on millions of phones.
Law enforcement and hospitality are early adopters. In Ahmedabad, the city’s Crime Branch has woven Aadhaar-based offline checks into PATHIK, a police-run guest registration platform used by hotels and guesthouses to validate visitor information without pinging the central database in real time.
Scale and Early Adoption Across Sectors and Devices
Aadhaar already operates at global scale: more than 1.4 billion IDs issued and roughly 2.5 billion authentications processed each month, according to UIDAI’s public dashboard. Electronic know-your-customer checks number in the tens of billions since launch, underpinning banking, telecom, and welfare distribution.
The new app appears to be gaining traction quickly. Estimates from Appfigures indicate combined monthly installs for Aadhaar-related apps jumped from about 2 million in October to nearly 9 million in December, with the newcomer overtaking the older mAadhaar app in monthly downloads. The bet from policymakers is that familiar smartphone flows and offline portability will widen usage beyond government services to routine private interactions.
Offline Verification Brings New Risks for Privacy
Security experts say the offline model reduces exposure in one dimension—fewer live queries to a central server—while expanding risk in another: more points where personal data can be captured, stored, or profiled by private entities. If a hotel, employer, or gated community keeps copies of signed QR payloads or screenshots, those fragments can pile up across time and places, enabling correlation even when a user shared “just enough” data at each stop.
Raman Jit Singh Chima of Access Now argues the rollout is premature while India’s data protection regime is still solidifying. He and other advocates say the Data Protection Board should be fully operational with clear sectoral rules, audit powers, and penalties before offline Aadhaar becomes routine in private settings where consent may be more coercive than voluntary.
Campaigners associated with Rethink Aadhaar warn of “normalization” in spaces the Supreme Court previously fenced off. In its 2018 ruling, the Court curtailed broad private-sector use, allowing Aadhaar primarily for subsidies and tightly regulated KYC. Subsequent legal changes reintroduced limited, consent-based use, but rights groups say the new offline flows risk stretching that boundary in practice.
Legal Backdrop and Ongoing Compliance Gaps in Aadhaar
UIDAI pitches the app as an antidote to notorious photocopy culture, where Aadhaar printouts and screenshots have been collected and circulated with little oversight. Yet India’s Comptroller and Auditor General spotlighted shortcomings in a 2022 report, citing gaps in data quality, audit compliance, and system controls—issues critics say remain relevant as functionality expands.
Prasanth Sugathan of SFLC.in notes that recurring problems—database inaccuracies, authentication failures, and weak redress mechanisms—tend to hit the most vulnerable users hardest. For them, a smoother app experience matters less than reliable correction processes, transparent logs, and fast remedies when something goes wrong.
A core tension is consent. Even if the app allows selective disclosure, people often face take-it-or-leave-it demands: no room access without a scan, no contract without a check. Without strict rules on purpose limitation, retention, and third-party sharing—and routine audits to verify compliance—“consent” risks becoming a checkbox rather than a meaningful control.
What Comes Next for Aadhaar’s Offline Verification Push
Policy and product decisions made now will shape whether offline Aadhaar becomes a privacy-preserving credential or a ubiquitous tracking token. Experts recommend standardizing minimal data bundles (for example, age band only, masked Aadhaar number), defaulting to local verification without retention, mandating tamper-evident logs for relying parties, and imposing strict penalties for storing or repurposing verified data.
For UIDAI, the immediate test is execution: publish detailed technical standards, expand independent security audits, and coordinate with the Data Protection Board to define bright lines for private-sector use. For businesses, the message is caution—design for data minimization now, before regulators and courts impose it later. As India leans on Aadhaar to grease daily transactions, the balance between convenience and civil liberties will be measured not by promises, but by how verifications work on the ground.
