20260417 EU Alters-App nicht sicher

17.04.2026 EU Alters-App nicht sicher

Hackable in 2 Minutes

Yesterday we saw EU Commission President Ursula von der Leyen smiling down from our screens and happily announcing: The EU has solved the age verification problem for us in a way that complies with data protection regulations. We no longer have to rely on the flawed apps of the big tech companies that steal our personal data. The article linked below shows that this is not the case.

EU officials have spent a year developing the app that was so prominently unveiled to us the day before yesterday. However, the app — which was supposedly so secure and data-efficient — was hacked in just two minutes yesterday. But there’s little reason to laugh at the developers. Pavel Durov wrote the following on Telegram:

Step 1 — Present a “privacy-respecting” but hackable app.
Step 2 — Get hacked (*YOU ARE HERE*).
Step 3 — Remove privacy to “fix” the app.
Result — a surveillance tool sold as “privacy-respecting”.

And just like that, we have yet another surveillance tool — in this case, a government one — joining the apps from Google, Meta, and others, all of which want only one thing: our data.

We wouldn’t consider the developers entirely blameless, but we also don’t know the requirements that EU officials have imposed on them. In our opinion, sensitive authentication data, such as usernames and passwords, should not be made accessible to the end user or even displayed. Such processes in apps belong in isolated sandboxes. All modern smartphones offer the ability to program such features securely. Conclusion: Hackable by Design

Translated with DeepL.com (free version)