Mastodawn

I realized why governments are so fast in approving digital ID cards on smartphones

https://feddit.it/post/12975017

I realized why governments are so fast in approving digital ID cards on smartphones - Feddit.it

In my (European) country now we can have a digital copy of the driving license on the phone. It specifically says that it’s valid to be presented to law enforcement officers during a check. I saw amazed in the beginning. They went from limited beta testing to full scale nationwide launch in just two months. Unbelievable. And I even thought “wow this is so convenient I won’t need to take the wallet with me anymore”. I installed the government app and signed up with my government id and I got my digital driving license. Then yesterday I got stopped by a random roadblock check and police asked me my id card. I was eager to immediately try the new app and show them the digital version, but then because music was playing via Bluetooth and I didn’t want to pause it, i just gave the real one. They took it and went back to their patrol for a full five minutes while they were doing background checks on me. That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago. What are you are going to do, you expect that they just scan the qr code on the window, but they take the phone from your hand. Are you going to complain raising doubts? Or even say “wait I pin the app with a lock so you can’t see the content?” “I have nothing to hide” but surely when searching for some keywords something is going to pop-up. Maybe you did some ironic statement and now they want to know more about that. And this is a godsend for the secret services. They no longer need to buy zero day exploits for infecting their targets, they can just cosplay as a patrol and have the victim hand the unlocked phone, for easy malware installation Immediately uninstalled the government app, went back to traditional documents.

halcyoncmdr Dec 8, 2024

This is the biggest issue I have with them. The only way this will work in modern society where the police can’t be trusted, is if the ID is accessible while the rest of the device is locked down.

And that’s really only possible if Apple and Google integrate that directly into the OS.

MentalEdge Dec 8, 2024

It is.

Apple has “guided access”, android has “pin app”.

I only have experience with the latter, it works by opening the task management view, and selecting “pin application” on a running app.

That then locks the device to that app. To access anything else, it has to be unlocked as if the screen were locked.

halcyoncmdr Dec 8, 2024

App Pinning DOES NOT lockdown the device, even if you have it set to require a PIN to unpin, biometrics still work to unlock the device.

It also gives you a warning that personal data may still be accessible and the pinned app can open other apps. It specifically says “Only use app pinning with people you trust”… which is the exact opposite of the use case here. And app pinning is turned off by default, you have go go searching in the settings to enable the ability.

MentalEdge Dec 8, 2024

Was definitely on by default on my device.

Personal data is still accessible, if the app you choose to pin is something like the dialer, or your mail app, then yes, you can obviously access contacts and emails. The feature doesn’t block the pinned app from accessing everything it normally accesses.

As for opening other apps, this applies to stuff like links or launchers. If the app has links somewhere, you could open your default browser app. It does not allow you to “escape” the pinned app to anywhere else in the system, unless the pinned app has a way to launch other apps the way launchers do.

The feature could certainly use improvement, but if it were only useful with people you trust, it would be pointless.

It’s obviously intended for situations where you have to let someone use your phone, and don’t want to give them free reign. With people you trust, you wouldn’t need something like that.

It’s far better than nothing, and is in fact part of android.

moreeni Dec 8, 2024

They went as far here in Ukraine as making some services exclusive to those who have the app. The official government app for digital documents and services, Diia, also has stupid integrity check, which makes it unable to be installed from Aurora Store, which makes me cut out from such services, because I don’t have Google Services installed. By the way, there are Google trackers in the app.

shortwavesurfer Dec 8, 2024

Don’t get me wrong, it’s great that you figured this out. But why did you not consider this sooner? Wouldn’t it have been obvious that you would have to have the phone unlocked and that having a police person have any access to an unlocked device would be a real problem?

EveryMuffinIsNowEncrypted Dec 8, 2024

What’s obvious to you may not be obvious to other people?

Likewise, what’s obvious to you at one moment may not be obvious to you at another, simply because you’re thinking about the situation from a different angle.

unskilled5117 Dec 8, 2024

On iOS you can enable Guided Access and restrict what one can do, for example disable touch and lock it to an app, until you enter a Code. I imagine Android will have something similar.

This obviously doesn’t protect against electronic forensics, but it does protect against just opening different apps and searching through the phone manually.

Use Guided Access with iPhone, iPad, and iPod touch - Apple Support

Guided Access limits your device to a single app and lets you control which features are available. You can turn on Guided Access when you let a child use your device, or when accidental gestures might distract you.

Apple Support

catloaf Dec 8, 2024

Yes, Android has app pinning. But they still have access to anything the app gives them.

They can see my ID on the phone. But if they want to take it, then no, I don’t have that ID on me. But then, I live in the US where digital ID isn’t valid.

sovietknuckles [she/her]Dec 8, 2024

That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

Do they actually take your phone when you present it to them for digital ID? They don’t scan it and bring up the same information on their scanner?

Shimitar Dec 9, 2024

No they don’t, they just scan it and dont take the phone. But of course, they could.

riodoro1 Dec 8, 2024

We have that app and I never give my phone to anyone. Nobody asks me for it, not even the cops. They just note the details and take it with them.

Oh, and the cops don’t care about your photos or messages when all you’ve done was exceed speed limit by 10km/h.

Maggoty Dec 8, 2024

In normal countries

Police in the US have admitted that traffic stops are just a way to search people and find bigger charges. Cops like that are absolutely nosing around your phone.

riodoro1 Dec 8, 2024

Lets not bring that capitalist dystopia to a discussion about functional countries.

haui Dec 8, 2024

Germany in the meantime: „leftist extremism is threatening the democratic system“ [quote from the constitution protection agency] while fascist crimes outnumber them 5 to 1. All that while the EU keeps trying to sneak chatcontrol by us through the backdoor, again and again.

I dont have that much hope for our world tbh.

skarn Dec 8, 2024

TBF, Germany has been one of the countries often opposing Chatcontrol, so there’s at least that.

Do you have a link for the 5:1 fash vs commie crimes? Not doubting, just want to read more.

haui Dec 8, 2024

Check the site verfassungsschutz.de

There you have sections leftist and fascist extremism and numbers to go along. Leftist crimes are around 4k, fascist around 23k iirc in the recent past (2023)

Startseite

Das Bundesamt für Verfassungsschutz ist der Inlandsnachrichtendienst der Bundesrepublik Deutschland.

BundesamtfuerVerfassungsschutz

EveryMuffinIsNowEncrypted Dec 8, 2024

Meanwhile, there’s me who just likes paper versions of this stuff because I like to be able to order a backup hard copy just in case something happens to the first one.

Edit: I’m a fucking dumbass. I was 100% aware they were talking about driver’s licenses, yet I was only referring to other vital documents like one’s birth certificate, and yet I didn’t make the connection in my brain. Apologies. :/

skarn Dec 8, 2024

Wait, what? There are countries that let you have multiple valid copies of the same ID??

EveryMuffinIsNowEncrypted Dec 8, 2024

Sorry, my bad. I meant more stuff like the birth certificate and other vital documents. I really should’ve specified.

(I swear I’m not a dumbass sometimes.)

skarn Dec 8, 2024

That stuff becomes a moot point once you have a decently working bureaucratic system (if and when). If you can ask for a digital certificate online, and get it in your email three days later, you’re not too worried about losing a copy.

On the other hand… I swear to you that multiple times, I have had to present “a birth certificate that was less than 6 months old”.

As if the time and circumstances of my birth might have suddenly changed in the last year.

EveryMuffinIsNowEncrypted Dec 8, 2024

That stuff becomes a moot point once you have a decently working bureaucratic system (if and when). If you can ask for a digital certificate online, and get it in your email three days later, you’re not too worried about losing a copy.

Yeaaaaah, I see where you’re coming from, but no, I’m just gonna stick with a paper copy that I know is reliable instead of a theoretical bureaucratic system that could possibly be reliable if it were to exist but in no way does exist (at least in the US).

This is the government after all. I’d like to have a paper copy in case they fuck something up during a system update and “can’t find me in the system”. (This is not very likely, I admit, but I wouldn’t put it past them some days…)

Edit: Also, what if I don’t have three days and I need said document(s) as soon as possible? That’s where a hard copy comes in.

Tattorack Dec 8, 2024

Pretty sure they’re not supposed to take your phone. The point of a digital document is that you don’t have to hand in anything. Scan the QR code and they can run as many background checks on the data they want. You’ll still have your phone.

unexposedhazard Dec 8, 2024

Not supposed to != wont. Police regularily do things that they arent supposed to and as long as people naively consent by giving their phone they can get away with whatever they want i would think.

Tattorack Dec 8, 2024

Then sue them. You have the right.

WereHacker Dec 8, 2024

In my country you cant Sue, only complain. But you complain to the instance you complain about. Eg police is handling complaints about the police. Besides that. For most people sueing isnt something you just do

unexposedhazard Dec 8, 2024

Good luck lmao

MrSilkworm Dec 8, 2024

Hi, Your dedicated local Secret Service agent here.

We don’t need your smartphone to access your data. We have surveillance equipment for that. That is why we can scan the qr code of your ID app and do the checks we need.

If you want us not to track you, you need a degoogled smartphone and use cash exclusively. Also you could use a vpn while you browse the interwebs, but we ll still be, eventually, able to see where you browse.

BTW we don’t stop randomly ppl on roadblocks. You or your car or your route or all of the above was of concern for us.

thedeadwalking4242 Dec 8, 2024

They aren’t from the USA

shottymcb Dec 8, 2024

Neither is the person you’re responding to, we don’t have any manner of digital ID in the US.

😈MedicPig🐷BabySaver😈Dec 9, 2024

Ummm, yes, we do.

Virkkunen Dec 8, 2024

In Brazil, the officer just uses their own phone to scan a validation QR on the ID app, at no point your phone leaves your hand and in a few seconds the officer has what they need. Shouldn't this be the case in the EU? AFAIK the officers only take your physical ID to check the number, so if you're using the app they shouldn't need to confirm that as the info is already validated

nossaquesapao Dec 8, 2024

Isn’t it impressive that we in Brazil sometimes create the best and most simple solutions to problems, but no one will imitate us and will keep insisting in their problematic systems, because we are the third world and supposedly can’t get anything right? It’s sad when we end up replacing our own good things, because even we think we’re inferior in everything and can’t come up with a good solution for anything.

krolden Dec 8, 2024

Pit it on another phone that you keep in your car or another profile with nothing else on it

Captain Aggravated Dec 9, 2024

A phone that still has your GPS tracking data stored in it?

krolden Dec 9, 2024

…no

Captain Aggravated Dec 9, 2024

I mean you’re carrying it around, right?

krolden Dec 9, 2024

Turn GPS or just keep the phone off until you need it. Dont put a sim card in it.

/home/pineapplelover Dec 9, 2024

You can pin the app (android) or have it in guided access mode (ios). Although, yeah, I wouldn’t be surprised if there’s an exploit to get out and access memory it shouldn’t. Maybe if you install the govt spyware app in a different user profile (Android) then it will be restricted to that certain memory.

Shimitar Dec 9, 2024

No, se facessero cosi basterebbe che tu toccassi il bottone di blocco mentre glielo passi… A ripetere fino alla nausea.

No credo che la realtà sia differente: cosi ti invogliano ad avere l’app IO installata sul telefono… Semmai è quello il cavallo di troia.

SynopsisTantilize Dec 9, 2024

Containerized apps on Android when?

JoeKrogan Dec 9, 2024

Either have a cheap second hand sim less phone just for that or carry the physical Id or perhaps a copy of the physical id.

anti-idpol action Dec 9, 2024

But they have one advantage: They are way easier to counterfeit. Meaning that with a few months of programming at most, if you ever find yourself on a run, you’ll be able to ID yourself on trains or buses or check in to hotels with fake personal info.

Moonrise2473 Dec 10, 2024

i don’t think that there’s no check at all. There’s either a server side check or a digital signature to verify, or both. You can trick the train ticket check (here they don’t even scan the qr code, they see the screen on the phone and continue) or the lazy airbnb landlord, but that can be done also today

UnderpantsWeevil Dec 9, 2024

That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

Bare minimum, it would take a substantial amount of time and resources to harvest data from every phone of every driver passing through a particular checkpoint. Not that I’d ever recommend handing over my phone to a cop, but this kind of data transfer isn’t trivial. And its not clear what a street cop is going to do with 10 GB of accumulated vacation photos.

On the flip side, if you have an Automatic Backup feature on your phone, its going to a cloud computer somewhere. And that cloud computer is almost certainly compromised by the state digital security agency (and probably a number of foreign security agencies). At that point, it doesn’t matter if you’ve got a physical id or a digital one, just knowing who you are is enough to tie you back to that digital archive.

But… again, what is it that front-line state agents are planning to do with all this data? That’s never been made particularly clear.

Moonrise2473 Dec 10, 2024

it’s more like searching messages for some keywords, then use the result to justify a full car search

Niquarl Dec 10, 2024

I’ve always just shown a scan of my ID on my phone. It’s just a picture?

Moonrise2473 Dec 10, 2024

and they accept that as a valid id? I mean in a store ok, but a public official? It’s incredibly easy to make a fake screenshot

the digital version of id cards are glorified qr codes: they scan it and their device downloads from the government servers the official version. Or, for offline usage: the qr code contains all the data, signed with their key, they check if the signature is valid