India makes Aadhaar more ubiquitous, but critics say security and privacy concerns remain

Source: TechCrunch

What’s changing?

How it works

1. Select the data you want to share – age range, name, address, etc.
2. Generate a QR code that contains only the chosen fields.
3. Present the QR code to the service provider (hotel, workplace, payment terminal, etc.).
4. The provider verifies the data offline, without contacting the central Aadhaar repository.

Use cases already in motion

• Policing: Ahmedabad’s Crime Branch integrated Aadhaar‑based offline verification into PATHIK, a platform that logs visitors to hotels and guest houses.
• Hospitality & Housing: Hotels, housing societies, and workplaces can confirm a guest’s age or residency without seeing the full Aadhaar number.
• Payments & Wallets: Future Google Wallet integration will let users authenticate transactions using the selective‑share Aadhaar app.

Visual overview

Image credit: Google Play

Official positioning

UIDAI officials framed the rollout as a move to replace photocopies and manual ID checks with consent‑based, offline verification. The goal is to give users granular control over which identity attributes they disclose while still enabling large‑scale verification.

TechCrunch Event Details

Sources:

• Press release: PIB – UIDAI announcement
• Google blog: Aadhaar on Google Wallet
• UIDAI tweet: Digital visiting card

Early Uptake on Massive Scale

While UIDAI formally launched the new Aadhaar app last month, it had been in testing since early 2025. Estimates from Appfigures show that the app—first appearing in app stores toward the end of 2025—quickly overtook the older mAadhaar app in monthly downloads.

• Combined monthly installs of Aadhaar‑related apps rose from ≈ 2 million in October to ≈ 9 million in December.

The new app is being layered onto an identity system that already operates at enormous scale, given India’s population. Figures published on UIDAI’s public dashboard demonstrate that Aadhaar:

The shift toward offline verification does not replace this infrastructure; rather, it extends it—moving Aadhaar from a largely back‑end verification tool to a more visible, everyday interface.

At launch, UIDAI officials said the offline‑verification capability was intended to address long‑standing risks associated with physical photocopies and screenshots of Aadhaar documents¹. Such copies have often been collected, stored, and circulated with little oversight.

The expansion coincides with regulatory changes:

• Easing restrictions for businesses that use Aadhaar authentication, raising new privacy concerns².
• A new verification framework that allows certain public and private organisations to verify Aadhaar credentials without querying the central database³.

Consent, Accountability, and Unresolved Risks

Civil‑liberties and digital‑rights groups argue that recent legal changes do not resolve Aadhaar’s deeper structural risks.

New Threats from Offline and Private‑Sector Expansion

“The fact that this has gone ahead at this point in time seems to indicate a preference to continue the expansion of the use of Aadhaar, even if it is unclear in terms of the further risks that it might pose to the system, as well as to the data of Indians.” – Raman Jit Singh Chima, senior international counsel & Asia‑Pacific policy director, Access Now

• Context: The rollout is occurring while India’s data‑protection framework is still being drafted.
• Concern: The federal government should have waited for the Data Protection Board to be established, allowing independent review and broader consultation with affected communities.
• Source: TechCrunch interview

Ongoing Implementation Failures

• Inaccuracies & Security Lapses: UIDAI’s app is promoted as a tool for citizen empowerment, yet persistent problems remain—erroneous entries in the Aadhaar database, documented security gaps, and weak redress mechanisms that disproportionately affect vulnerable groups.
• Audit Findings: A 2022 Comptroller and Auditor General (CAG) report flagged UIDAI’s non‑compliance with several standards.
• Quote: “Such issues can often result in disenfranchisement of people, especially those who were meant to be benefited by such systems.” – Prasanth Sugathan, legal director, SFLC.in

References

• Security lapses: TechCrunch – security bug in India’s income‑tax portal (2025)
• CAG audit: Indian Express – CAG report on UIDAI (2022)
• Data‑leak concerns: TechCrunch – Aadhaar leak (2022)

“Aadhaar Creep” and the Risk of Re‑introducing Private‑Sector Use

Campaigners from Rethink Aadhaar warn that the new offline verification system could revive private‑sector reliance on Aadhaar—something the Supreme Court explicitly barred in 2018.

• Key Point: Enabling private entities (hotels, housing societies, delivery platforms, etc.) to routinely verify identities amounts to “Aadhaar creep,” normalising its presence across social and economic life.
• Legal Background: The 2018 judgment struck down provisions allowing private actors to use Aadhaar for verification.
• Consent Issue: In many contexts, consent is effectively illusory.

Sources

• Supreme Court judgment (2018): SFLC.in highlights
• Data‑protection law status: DW – India’s data‑law remains largely untested

The Bigger Picture

• The new app, regulatory tweaks, and an expanding ecosystem are shifting Aadhaar from a background identity utility to a visible layer of daily life that is increasingly hard to avoid.
• As India doubles down on Aadhaar, other governments and tech companies are watching closely, attracted by the promise of population‑scale identity checks.

Note: The Indian IT Ministry and UIDAI CEO did not respond to requests for comment.

Footnotes

1. Risks related to physical copies and screenshots are discussed in a TechCrunch article: “India Rajasthan Government Jan Aadhaar Bug Fix” (Jan 2024). ↩

2. See TechCrunch coverage of regulatory easing (Feb 2025). ↩

3. UIDAI’s “OVSE Playbook” (PDF) outlines the new offline‑verification framework. ↩