In my (European) country now we can have a digital copy of the driving license on the phone. It specifically says that it’s valid to be presented to law enforcement officers during a check.
I saw amazed in the beginning. They went from limited beta testing to full scale nationwide launch in just two months. Unbelievable. And I even thought “wow this is so convenient I won’t need to take the wallet with me anymore”. I installed the government app and signed up with my government id and I got my digital driving license.
Then yesterday I got stopped by a random roadblock check and police asked me my id card. I was eager to immediately try the new app and show them the digital version, but then because music was playing via Bluetooth and I didn’t want to pause it, i just gave the real one.
They took it and went back to their patrol for a full five minutes while they were doing background checks on me.
That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.
What are you are going to do, you expect that they just scan the qr code on the window, but they take the phone from your hand. Are you going to complain raising doubts? Or even say “wait I pin the app with a lock so you can’t see the content?”
“I have nothing to hide” but surely when searching for some keywords something is going to pop-up. Maybe you did some ironic statement and now they want to know more about that.
And this is a godsend for the secret services. They no longer need to buy zero day exploits for infecting their targets, they can just cosplay as a patrol and have the victim hand the unlocked phone, for easy malware installation
Immediately uninstalled the government app, went back to traditional documents.
Why is nobody mentioning that by installing it and authenticating, there is sweet fuck all you can do to stop them tracking your movements and downloading your whole address book so they can see who you Associate with?
Taking the phone isn’t the problem if they are already in it.
In most phones it is possible to set permissions (to contacts, locaton, etc) for every app.
You have to explicitly allow that, at least on android. However, most people hit allow and don’t think anyways :/
iOS too. Permissions can even be given only while the app is active if it “requires” them, or for location for example an approximate one is sufficient.
Yep, but there was some news about that recently. Apparently their security doesn’t quite work as it should. Perhaps that’s been fixed by now, but then again, Apple does not have a great reputation there.
Oh nice, no contacts or internal storage stuff!
There are camera and location permissions listed. AFAIK my ID card doesn’t have those.
I think that might just be to scan qr codes. And unless you’ve got a very shitty phone, that camera can’t run without the app being active.
You do close your apps, right?
Yeah, I do.
Honestly, I wouldn’t worry about all the comments discussed here. Mainly because the governments already have access to everything and I mean EVERYTHING. They will get a subpoena in under a minute if they want to check something regarding your digital life. Not condoning it, just a fact of present life.
Digital licence is all I have used for about 7 years. Police here are careful never to reach for a phone as they can’t legally. You display the licence and give it a shake to animate it and they copy the number down in their notebook. If the police ever did illegally take a phone I would wipe it and replace it and lodge a complaint.
They may have similar protections in Europe. People often post opinions on social media without checking facts. I get why on commercial social media where everything is rage bait. But i don’t know why people can’t take a few minutes to check local laws before posting here.
Probably because I live in America but we don’t trust police to not do something just because they’re not supposed to. They do it all the time here.
Either have a cheap second hand sim less phone just for that or carry the physical Id or perhaps a copy of the physical id.
To add to this, a lot of what keeps us safe is the friction of bureaucracy. Authoritarians cannot micromanage every decision you make or round up every person they want because those actions take time and resources that aren’t infinite. But you can reduce the time and resources required if you make identification more convenient and therefore enforcement more targeted. Maybe now they can justify making you present ID every time you pay cash at Starbucks, buy a backpack, get on a bus, use a bike share, watch hot snuff porn, you name it.
They went as far here in Ukraine as making some services exclusive to those who have the app. The official government app for digital documents and services, Diia, also has stupid integrity check, which makes it unable to be installed from Aurora Store, which makes me cut out from such services, because I don’t have Google Services installed. By the way, there are Google trackers in the app.
The IRS (tax authority) in the US has Google trackers loaded into the DOM including pages listing your Social Security number too, yikes.
You can pin the app (android) or have it in guided access mode (ios). Although, yeah, I wouldn’t be surprised if there’s an exploit to get out and access memory it shouldn’t. Maybe if you install the govt spyware app in a different user profile (Android) then it will be restricted to that certain memory.
Convenience always has a cost
I’ve always just shown a scan of my ID on my phone. It’s just a picture?
If you use an android phone, just create a separate account on your phone just with the apps you want the police to see. No email, photos, social media, or anything. This way you can switch to the restricted user before giving the cop your phone.
If you are on android you can use screen pinning. That way phone won’t get locked and bother the police but they can’t switch to any other app without your password.
But I don’t know how much I’ll trust an app by government. Maybe in Europe that app is Open source.
Wouldn’t trust a gov app in europe either. But then again i don’t trust any app and have them firewalled at least .
The EU covid app was released on fdroid. I would trust it if it was open source, audited by a third party, and finally made available on fdroid.
Ok this has some right for existence… Yet,just being oss isn’t always the point alone. Without checking the code myself I still just have to trust.
Fortunately fdroid does some checks. And the third party audit does some checks. Thats already a lot of others checking it.
For some reason that’s only a thing when navigation is set to buttons, when using gestures it’s not available. So yeah it’s a bit hard to go to settings, change the navigation mode, turn on pinning, pin the app and only then hand over the phone…
I also have my phone setup to gesture navigation. If I swipe up and click on app icon I see option to pin it.
Must be some OnePlus limitation or something.
Containerized apps on Android when?
I have the digital id in case i forget my physical one (despite not legaly being required to carry id) but its in an empty graphene os profile.
Don’t get me wrong, it’s great that you figured this out. But why did you not consider this sooner? Wouldn’t it have been obvious that you would have to have the phone unlocked and that having a police person have any access to an unlocked device would be a real problem?
What’s obvious to you may not be obvious to other people?
Likewise, what’s obvious to you at one moment may not be obvious to you at another, simply because you’re thinking about the situation from a different angle.
They don’t need to take your phone with them. They literally can just scan the code, because it sends all the info to their screen, that they were gonna look up anyway.
No way the government implemented an app for this use case. That’s extremely inefficient.
I thought you actually tried, that they took your phone?
Illinois at least passed a law to limit the consent given when using a digital ID with a police officer such that they’re ONLY allowed to use it for ID and not snooping, but that’s the only state to do so.
https://www.eff.org/deeplinks/2024/10/should-i-use-my-states-digital-drivers-license
But do you trust them to follow the law? I certainly don’t.
Couldn’t these apps also use the Android/iOS’ wallet manager which allows handing it over unlocked while the phone is “closed” (not necessarily locked, though…)?
I don’t know if they could, because they will probably compromise all information into the wallet.
But it’s a good idea. I hope that it can be implemented like you said in a secure way.
That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.
Do they actually take your phone when you present it to them for digital ID? They don’t scan it and bring up the same information on their scanner?
No they don’t, they just scan it and dont take the phone. But of course, they could.
