The Unique Identification Authority of India [“UIDAI”] recently, on January 28, 2026, released a new version of the Aadhaar App [“new App” or “the App”]. The new App is meant to update the legacy mAadhaar platform and to transform it into a dynamic privacy-first identity management platform. In fact, Sh. Jitin Prasada, the Union Minister of State for Commerce and Industry and Electronics & Information Technology, in the launch event, dedicated the App to the nation and claimed that the App has been designed “keeping people at its core”, aimed at easier navigation and increased digital services.
The privacy and security of a person’s personal data are of the utmost significance in today’s digital world, especially in light of the newly enforced Digital Personal Data Protection Act, 2023 [“DPDP Act”] and the Rules thereunder [“DPDP Rules”].
In line with this, the UIDAI has described the application as privacy-first and designed in a manner that supports users’ data rights by adopting the principles of data minimisation and user-centred consent. The App is further intended to reduce dependence on physical Aadhaar cards and informal digital copies. More broadly, the App seems to be an effort to update how Aadhaar is used across the nation in different sectors.
The App seeks to simplify verification processes while also giving individuals greater control over how their Aadhaar information is shared.
OVERVIEW OF THE NEW AADHAAR APP: NEW FEATURES INTRODUCED
Most prominently, the new App has introduced the following features:
- Multi-Profile Management: One Family - One App: Moving beyond the single-user limitation, the App now allows the management of up to five Aadhaar profiles on one device. This is specifically designed for multi-generational households where children or elderly members may not possess their own smartphones.Example: A parent could manage the Aadhaar IDs of their minor children easily.While convenient for the management of household IDs, it may increase the responsibility of the user to secure the device and biometric authentication credentials.
- Online Updates of Mobile and Address: The users can now update their registered mobile number and address directly through the new App, by uploading the necessary documents through the App, which will then be processed by the UIDAI. In fact, the provision of other such updates through the App is currently in the works.While this makes the process effective and efficient, the validation of uploaded documents becomes all the more critical to minimise legal risk and user frustration.
- Selective Data Sharing: Instead of sharing complete profiles, users can choose to share only limited identity attributes such as name, photo, and age with Offline Verification Seeking Entities [“OVSEs”]. This helps to control exactly which details show up. Moreover, the Aadhaar [Sharing of Information] Regulations, 2016, mandate that verifiers cannot store the Aadhaar number and can only take digitally signed credentials for a limited use.In line with this, the update allows users to share only the specific identity fields required for a particular use case through customised QR codes generated by the requesting entities.Example: A cinema hall verifying age eligibility for ‘Adults only’ movie could confirm that the user is above 18 years or not without accessing the address or Aadhaar number, or a hotel can verify the identity of a guest through a QR scan rather than taking photocopies of Aadhaar Cards.
- Offline & QR-based Verification: By leveraging secure QR code scanning to authenticate identity by the OVSEs, the new and updated App allows a privacy-first experience, offering ease of use across the entire spectrum of users. Further, QR-based contract cards also offer easy sharing of contact details.
- Authentication History: The new App displays a record of all the authentication transactions that were done in the past 6 months using the Aadhaar number. Of these, a maximum of 0 records can be viewed at once. This feature aligns with Section 32 of the Aadhaar Act. The authentication history records shall include Authentication Modality, Date & Time of Authentication, UIDAI Response code, AUA Name, AUA Transaction ID [With Code], Authentication Response [Success/Failure], and UIDAI Error code.
- Biometric Lock and Enhanced Security: The new App provides the biometric locking system, which requires user consent to fetch identity details for verification. Further, the user will have the option to turn off biometric authentication temporarily for all authentication requests. Biometric verification will be identified as failed when it is locked. Thus, it ensures that no one will be able to use the biometrics of the user without their knowledge. This feature is based on Section 8 of the Aadhaar Act, which provides that Aadhaar Authentication must be based on voluntary usage and informed consent.Example: If any phone is stolen, then this biometric lock will prevent the misuse of Aadhaar Authentication even if the device is accessed.However, it is pertinent to consider that despite enhancing the security of personal data and privacy of a user, losing authentication access to the system could lock the user out of accessing their own identity details, which will affect the critical services unduly.
- Face Authentication and Time-Based OTPs: This app uses Face-based Authentication for login and verification. Earlier, login and verification were done via OTPs, which can be risky given the prevalence of SIM-swapping fraud. This feature reduces the reliance on OTPs.
IMPACT ON DATA PRIVACY
The App works across both Android and iOS devices. It aims to reduce the dangers to data protection and privacy by reducing the dependence on and use of paper copies of Aadhaar, especially in hotels, movie theatres, et cetera, where Aadhaar is used for verification of users for providing services.
In this manner, the App provides an effective update to the foundation of the existing mAadhaar structure to provide more benefits with tighter safeguards to protect personal data and user privacy. The DPDP Act mandates that entities collect only the data strictly necessary for a specific purpose. This is data minimisation. The new Aadhaar App’s Selective Data Sharing directly aligns with this principle. Furthermore, the App provides more autonomy and control to the User, allowing them to make informed and consensual choices only. Users can now exercise their right to purpose limitation, which ensures that consent is not just a formality but a functional choice.
The App’s updated security features, including biometric authentication and Face ID, empower users to deactivate authentication capabilities at will, ensuring that identity details remain inaccessible without explicit authorisation. This further strengthens data protection and user privacy and reinforces statutory protections against the illegal retention of biometrics by third parties.
In fact, it is interesting to note that the App also aligns with subtler principles, as well. The ability to disable biometrics and update features aligns with the “Right to Updation/Erasure” principles inherent in the DPDP Act. By facilitating offline verification that masks sensitive identifiers, it reduces the digital footprint left behind during routine transactions. This design directly supports the DPDP Act’s core principles: the right to access, correct, and withdraw consent at will.
While the App makes substantial steps transitioning from a static identification tool to a dynamic, privacy-centric management platform, including incorporating principles from the DPDP Act, 2023, and the Aadhaar Act, 2016, the systematic danger, given the sensitive nature of the data, still poses a threat. While the App improves the “front-end” privacy [what an OVSE sees], it does not address “back-end” concerns regarding the central database’s security or the potential for state surveillance. Furthermore, the mandatory nature of Face Authentication for certain updates raises questions about the storage and usage of facial templates within the broader digital ecosystem.
Over time, clearer regulatory guidance and more consistent standards for entities that rely on the app may be required to ensure its privacy-focused features are applied responsibly.
The success of the app will depend on two factors: the stability of its technical infrastructure and the willingness of private businesses to stop demanding physical photocopies in favour of the App’s digital innovative solution.
LOOKING FORWARD
The new Aadhaar app represents a significant milestone in the identity verification framework by reducing unnecessary data sharing and providing users more control and autonomy over their data sharing. In this manner, it addresses several long-standing concerns linked to Aadhaar usage. Therefore, it acts as a practical tool that can optimise identity verification while also complying with current privacy requirements.
That being said, it has its own set of challenges to encounter as technical disabilities and accessibility to every class and society of a diverse country. Therefore, to truly protect citizens, the App and its policies must remain transparent and intuitive.
