Hi #Aadhaar! Can we talk about the #BenefitsOfAadhaar for the #India population?
I quickly checked your #android app on the #playstore and you have some security issues... It's super easy to get the password of the local database, for example...
http://play.google.com/store/apps/details?id=in.gov.uidai.mAadhaarPlus …
Woohoo! Sounds like a lot of people are interested in #Aadhaar. I know what I will do during my flight now
A lot of people are asking me how bad the generation of the local database password is in the #Aadhaar #android #app. I published a small POC here: https://github.com/fs0c131y/AadhaarDatabasePasswordPOC … If you start the application multiple times you will see that the generated passwords are always the same pic.twitter.com/U5TRTHiWen
Storing data in a local database is a common practice in the #Android world. In the #Aadhaar #android app they store:
- user password data (hash)
- notification
- Ki value
- EKYC Profile Data
- Biometric Prefs
- Bio Lock Timeout
- App Configuration
pic.twitter.com/cCfaAKFVkB
According to the official documentation, https://aadhaarapi.com/aadhaar-response-format/ …, EKYC Profile Data contains the following data:
- User_Id
- Aadhar_Id
- Name
- Dob
- Gender
- Address
- Photo
- ...
pic.twitter.com/x1TI9uXXTM
So @UIDAI you are storing biometric data in the local database: the photo of the user.
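A check for the property the thread describes (a local database password that comes out the same on every start), as an added example that is not part of the thread or of the linked POC. Both generator functions, the constant strings and the dict standing in for app storage are constructed for illustration and do not reproduce the app's actual scheme.

```python
import hashlib
import secrets

# Constructed stand-ins: neither function reproduces the app's real scheme.
def constant_derived_password(install_state):
    """Weak pattern: every input is a constant shipped inside the app."""
    material = b"constructed-app-constant" + b"constructed-package-name"
    return hashlib.sha256(material).hexdigest()


def per_install_password(install_state):
    """Hardened pattern: a random secret created once per install, then reused.

    Assumption: on a device the stored value would be protected by the
    platform keystore; a plain dict stands in for that storage here.
    """
    if "db_secret" not in install_state:
        install_state["db_secret"] = secrets.token_hex(32)
    return install_state["db_secret"]


def audit_generator(generate, installs=5, launches=3):
    """Simulate several installs, each launched several times."""
    first_values = []
    stable = True
    for _ in range(installs):
        state = {}  # fresh storage models a fresh install
        values = [generate(state) for _ in range(launches)]
        stable = stable and len(set(values)) == 1
        first_values.append(values[0])
    unique = len(set(first_values)) == installs
    return {
        # The same install must get the same password, or the database
        # could not be reopened after a restart.
        "stable_across_launches": stable,
        # Different installs must get different passwords, otherwise anyone
        # who can read the app's code can recompute the value.
        "unique_per_install": unique,
        "predictable": not unique,
    }


if __name__ == "__main__":
    for gen in (constant_derived_password, per_install_password):
        print(gen.__name__, audit_generator(gen))
```

A password that is stable across launches is expected; the finding is a value that is also identical across installs, because it can then be recomputed off the device.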
