In my (European) country now we can have a digital copy of the driving license on the phone. It specifically says that it’s valid to be presented to law enforcement officers during a check.

I saw amazed in the beginning. They went from limited beta testing to full scale nationwide launch in just two months. Unbelievable. And I even thought “wow this is so convenient I won’t need to take the wallet with me anymore”. I installed the government app and signed up with my government id and I got my digital driving license.

Then yesterday I got stopped by a random roadblock check and police asked me my id card. I was eager to immediately try the new app and show them the digital version, but then because music was playing via Bluetooth and I didn’t want to pause it, i just gave the real one.

They took it and went back to their patrol for a full five minutes while they were doing background checks on me.

That means if I used the digital version, they would had unlimited access to all my digital life. Photos, emails, chats, from decades ago.

What are you are going to do, you expect that they just scan the qr code on the window, but they take the phone from your hand. Are you going to complain raising doubts? Or even say “wait I pin the app with a lock so you can’t see the content?”

“I have nothing to hide” but surely when searching for some keywords something is going to pop-up. Maybe you did some ironic statement and now they want to know more about that.

And this is a godsend for the secret services. They no longer need to buy zero day exploits for infecting their targets, they can just cosplay as a patrol and have the victim hand the unlocked phone, for easy malware installation

Immediately uninstalled the government app, went back to traditional documents.

  • halcyoncmdr@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    edit-2
    18 days ago

    This is the biggest issue I have with them. The only way this will work in modern society where the police can’t be trusted, is if the ID is accessible while the rest of the device is locked down.

    And that’s really only possible if Apple and Google integrate that directly into the OS.

    • MentalEdge@sopuli.xyz
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      18 days ago

      It is.

      Apple has “guided access”, android has “pin app”.

      I only have experience with the latter, it works by opening the task management view, and selecting “pin application” on a running app.

      That then locks the device to that app. To access anything else, it has to be unlocked as if the screen were locked.

      • halcyoncmdr@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        18 days ago

        App Pinning DOES NOT lockdown the device, even if you have it set to require a PIN to unpin, biometrics still work to unlock the device.

        It also gives you a warning that personal data may still be accessible and the pinned app can open other apps. It specifically says “Only use app pinning with people you trust”… which is the exact opposite of the use case here. And app pinning is turned off by default, you have go go searching in the settings to enable the ability.

        • MentalEdge@sopuli.xyz
          link
          fedilink
          arrow-up
          3
          ·
          18 days ago

          Was definitely on by default on my device.

          Personal data is still accessible, if the app you choose to pin is something like the dialer, or your mail app, then yes, you can obviously access contacts and emails. The feature doesn’t block the pinned app from accessing everything it normally accesses.

          As for opening other apps, this applies to stuff like links or launchers. If the app has links somewhere, you could open your default browser app. It does not allow you to “escape” the pinned app to anywhere else in the system, unless the pinned app has a way to launch other apps the way launchers do.

          The feature could certainly use improvement, but if it were only useful with people you trust, it would be pointless.

          It’s obviously intended for situations where you have to let someone use your phone, and don’t want to give them free reign. With people you trust, you wouldn’t need something like that.

          It’s far better than nothing, and is in fact part of android.