India makes Aadhaar more ubiquitous, but critics say security and privacy concerns remain

India is moving to embed Aadhaar, the world’s largest digital identity program, even more deeply into daily private life through the introduction of a new app and expanded offline verification tools — a shift that is renewing debate over security, consent, and the long-term implications of such a vast identity database.

In an announcement in late January, the government-backed Unique Identification Authority of India (UIDAI) unveiled updates, including a newly launched Aadhaar app and an offline verification system. This framework enables individuals to confirm their identity without conducting real-time authentication against Aadhaar’s central database.

The new application is designed to allow users to share only the information needed to verify their identity. For instance, a person can confirm that they are above a certain age without disclosing their exact date of birth. This selective data-sharing model can be used across a variety of services, including hotels, housing societies, workplaces, digital platforms, and payment systems. Meanwhile, the existing mAadhaar app will continue to function alongside the new platform.

In addition to the new app rollout, UIDAI is broadening Aadhaar’s presence in digital wallets. Integration with Google Wallet is expected soon, and discussions are ongoing to introduce similar functionality within Apple Wallet. Aadhaar verification is already supported on Samsung Wallet.

The authority is also encouraging adoption in sectors such as law enforcement and hospitality. The Ahmedabad City Crime Branch has become the first police division in the country to integrate Aadhaar-based offline verification into PATHIK, a guest monitoring system introduced by the department. The platform is used by hotels and lodging facilities to record visitor information.

UIDAI has further promoted the updated app as a modern digital visiting card for professional meetings and networking. Users can share selected personal details through a QR code, offering a controlled way to exchange identity information.

Officials at the launch event in New Delhi described these changes as part of a broader effort to phase out photocopying and manual identity checks. They argued that the offline, consent-based verification model empowers users to decide exactly what information they share, while still enabling large-scale verification without directly querying the central Aadhaar database.

Early Uptake Amid Massive Scale

Although the formal launch occurred last month, the new Aadhaar app had been undergoing testing earlier in 2025. According to Appfigures estimates, the app was listed on digital storefronts toward the end of 2025 and quickly surpassed the older mAadhaar app in monthly downloads.

Combined monthly downloads of Aadhaar-related applications rose sharply, increasing from nearly 2 million in October to almost 9 million in December.

These developments are being layered onto an identity infrastructure that already operates on an immense scale. Data available on UIDAI’s public dashboard shows that more than 1.4 billion Aadhaar numbers have been issued. The system processes approximately 2.5 billion authentication transactions every month and has handled tens of billions of electronic “know your customer” (e-KYC) verifications since its inception.

The new push toward offline verification does not replace this large-scale backend architecture. Instead, it extends Aadhaar’s presence, shifting it from a predominantly background-verification system to a more visible, routine interface in everyday interactions.

During the launch, UIDAI representatives emphasised that offline verification aims to mitigate long-standing risks associated with physical photocopies and digital screenshots of Aadhaar documents, which have frequently been collected and stored without adequate oversight.

This expansion coincides with regulatory adjustments and the introduction of a new framework that allows certain public and private entities to verify Aadhaar credentials without directly accessing the central database.

Consent, Accountability, and Lingering Risks

Despite these assurances, civil liberties advocates and digital rights organisations argue that the recent legal and technical changes do not eliminate Aadhaar’s deeper structural concerns.

Raman Jit Singh Chima, senior international counsel and Asia Pacific policy director at Access Now, said that expanding Aadhaar into offline and private-sector contexts introduces additional risks, particularly as India’s data protection regime is still taking shape.

Chima questioned the timing of the rollout, suggesting that the government should have waited until India’s Data Protection Board was established, allowing for independent scrutiny and broader consultation with communities likely to be affected.

“The fact that this has gone ahead at this point seems to indicate a preference to continue the expansion of the use of Aadhaar, even if it is unclear in terms of the further risks that it might pose to the system, as well as to the data of Indians,” Chima said.

Legal advocacy groups in India have also raised concerns about unresolved implementation challenges, according to Prasanth Sugathan, legal director at the New Delhi-based digital rights organisation SFLC. In, noted that while UIDAI presents the app as a step toward greater citizen empowerment, it does not adequately address persistent issues such as inaccuracies in the Aadhaar database, security vulnerabilities, and limited avenues for grievance redress — problems that have disproportionately impactedmarginalisedd communities.

He referenced a 2022 report by India’s Comptroller and Auditor General, which found that UIDAI had not met certain compliance benchmarks.

“Such issues can often result in disenfranchisement of people, especially those who were meant to be benefited by such systems,” Sugathan said, adding that it remains uncertain how data shared via the new app would effectively prevent breaches or unauthorised disclosures.

Advocates linked to Rethink Aadhaar, a civil society campaign focused on Aadhaar-related accountability and rights, contend that the offline verification model risks enabling renewed private-sector reliance on Aadhaar in ways the Supreme Court had previously restricted.

Shruti Narayan and John Simte from the group argued that allowing private entities to rely on Aadhaar for identity verification routinely could amount to “Aadhaar creep,” gradually normalising its use across social and economic life. They cited a 2018 Supreme Court ruling that struck down provisions permitting private companies to use Aadhaar for verification.

They also cautioned that consent in many real-world settings — such as hotels, housing societies, or among gig workers — may not be truly voluntary. At the same time, India’s data protection framework remains largely untested in practice.

Taken together, the new application, regulatory shifts, and expanding digital ecosystem are transforming Aadhaar from a background identity infrastructure into a visible and often unavoidable component of daily life. As India continues to strengthen Aadhaar’s role, policymakers and technology companies worldwide are closely observing the experiment, drawn by the prospect of identity verification at a population scale.