India is making Aadhaar more widespread, but critics say security and privacy concerns remain

India is pushing Aadhaar, the world’s largest digital identity system, deeper into everyday private lives with a new app and support for offline verification, a move that raises new questions about security, consent and broader use of the massive database.

The Indian government-backed Unique Identification Authority of India (UIDAI) in late January announced changes that introduce a new Aadhaar app along with an offline verification framework that allows individuals to prove their identity without real-time checks on the central Aadhaar database.

The app allows users to share a limited amount of information, such as ensuring they are over a certain age rather than revealing their full date of birth, with a range of services, from hotels and housing associations to workplaces, platforms and payment devices, while the existing mAadhaar app continues to run in parallel for the time being.

Along with the new app, UIDAI is also expanding its Aadhaar footprint in mobile wallets, with upcoming integration with Google Wallet and ongoing discussions to enable similar functionality in Apple Wallet, in addition to existing support on Samsung Wallet.

Indian authorities are also working to promote the use of the app in policing and hospitality. Ahmedabad City Crime Branch has become the first police unit in India to integrate Aadhaar-based offline verification with PATHIK, a guest monitoring platform launched by the police department, targeting hotels and guest accommodations to record visitor information.

UIDAI has also positioned the new Aadhaar app as a digital visiting card for meetings and communication, allowing users to share specific personal details via QR code.

These latest efforts are part of a broader effort to replace photocopies and manual identity verification with offline consent-based verification, officials said at the launch in New Delhi. They argued that this approach aims to give users more control over the specific identity information they wish to share, while enabling verification at scale without the need to query the central Aadhaar database.

Widespread early assimilation

While UIDAI officially launched the new Aadhaar app last month, it has been in testing since earlier in 2025. Appfigures estimates show that the app, which appeared in app stores at the end of 2025, quickly overtook the older mAadhaar app in monthly downloads.

Combined monthly installations of Aadhaar-related apps rose from nearly 2 million in October to nearly 9 million in December.

The new app is being built into an identity system that already operates on a massive scale given India’s population. Figures published on UIDAI’s public dashboard show that Aadhaar has issued over 1.4 billion identity numbers and handles nearly 2.5 billion authentication transactions every month, along with tens of billions of e-KYC checks since its launch.

The shift toward offline verification does not replace this infrastructure so much as expands it, moving Aadhaar from largely a back-end verification tool to a more visible, everyday interface.

Launching the app, UIDAI officials said the move towards offline verification was aimed at addressing long-standing risks associated with physical copies and screenshots of Aadhaar documents, which are often collected, stored and distributed with little oversight.

The expansion comes at a time of regulatory changes, easing of restrictions and a new framework (PDF), with the UIDAI now allowing some public and private institutions to verify Aadhaar credentials without querying the central database.

Consent, accountability and unresolved risks

Civil liberties and digital rights groups say these legal changes do not solve the deeper structural risks facing Aadhaar.

The expansion of Aadhaar into private sector and offline settings poses new threats, especially at a time when India’s data protection framework is still being implemented, said Raman Jeet Singh Cheema, senior international counsel and Asia Pacific policy director at Access Now.

Cheema questioned the timing of the rollout, arguing that the federal government should have waited to establish India’s Data Protection Board first, allowing for an independent review and broader consultation with affected communities.

“The fact that it is moving forward at this time seems to indicate a preference for continued expansion of the use of Aadhaar, even if it is unclear in terms of the additional risks it may pose to the system, as well as to Indians’ data,” Cheema told TechCrunch.

Indian legal advocacy groups also point to unresolved implementation failures.

Although UIDAI has framed the app as a tool to empower citizens, it does little to address persistent issues, such as inaccuracies in the Aadhaar database, security vulnerabilities, and weak redress mechanisms, which have disproportionately affected vulnerable populations, said Prasanth Sugathan, legal director at New Delhi-based digital rights group SFLC.in.

He also cited a 2022 report by the Comptroller and Auditor General of India, which found that UIDAI failed to meet certain compliance standards.

“Such issues can often lead to people being deprived of their rights, especially those who were supposed to benefit from these systems,” Sugathan told TechCrunch, adding that it is still unclear how the data shared through the new app will prevent breaches or leaks.

Activists associated with Rethink Aadhaar, a civil society campaign focused on Aadhaar-related rights and accountability, say the offline verification system risks the private sector reusing Aadhaar in ways that the Supreme Court has already explicitly banned.

Enabling private entities to routinely rely on Aadhaar for verification amounts to “Aadhaar creep,” normalizing its use in social and economic life despite a 2018 ruling that struck down provisions allowing private actors to use Aadhaar to verify people’s information, said Shruti Narayan and John Simetti of the group. They warn that consent in such contexts is often illusory, especially in situations involving hotels, housing associations or delivery workers, while data protection law in India remains largely untested.

Together, the new app, regulatory changes, and expanding ecosystem are transforming Aadhaar from a back-end identity tool into a visible layer of everyday life that is increasingly difficult to avoid. As India redoubles its efforts on Aadhaar, governments and technology companies are watching closely, drawn by the promise of widespread identity verification.

India’s Ministry of Information Technology and UIDAI’s CEO did not respond to requests for comment.