Europe's age verification app, 'cracked in 2 minutes'. Telegram boss thinks it's a 'surveillance mechanism'
The new European Age Verification App is being heavily criticized by Telegram founder Pavel Durov after a security expert claimed the program's protections can be bypassed in less than two minutes.
European Commission chief Ursula von der Leyen two days ago praised the new app designed to allow users to confirm their age online without providing personal data to major platforms, eliminating the need for websites to collect sensitive information.
Security consultant Paul Moore detailed what he described as fundamental design flaws in the EU's age verification system, Cybernews notes.
“Seriously, Von der Leyen – this product is going to be the catalyst for a huge breach at some point. It's just a matter of time,” he said.
Hacking the #I #AgeVerification app in under 2 minutes.
During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory.
1. It shouldn't be encrypted at all – that's a really poor design.
2. It's not… https://t.co/z39qBdclC2 pic.twitter.com/FGRvWtWzaZ— Paul Moore – Security Consultant (@Paul_Reviews) April 16, 2026
Security measures, easily bypassed, claims the expert
Security consultant Paul Moore published a video on X showing how easy it is to bypass security measures in the EU's new age verification app, and he didn't need anything sophisticated to do it.
The expert found that parts of the system relied on data stored on the device in a way that could be modified, which opened the door to bypassing checks that should have been blocked.
The head of Telegram, Pavel Durov, claims that, in fact, the vulnerability exposed by the specialist is part of the plan of the European authorities, who want to turn the application into a surveillance mechanism for the citizens of the EU bloc.
“Don't be too quick to laugh at European bureaucrats”
“This app was hacked in just 2 minutes. But don't be in a hurry to laugh at European bureaucrats,” Durov wrote on his Telegram channel.
He claims the app “was vulnerable from the start” because it “trusts the user's device (that means it's game over instantly)”.
Durov added that if the European Union is “not run by clowns”, then their real plan is to present a “privacy-friendly” app but full of security holes, wait for it to be cracked and then remove the privacy to “fix” the app.
According to Durov, the result of this “surprising hack” gave them this “excuse to start quietly turning their 'privacy-friendly' age verification app into a surveillance mechanism for all Europeans”.
“Be vigilant,” urged the Telegram founder, whose channel has more than 10 million followers.
The head of the EC announced that the application is ready
The European Age Verification application is ready for use, the head of the European Commission, Ursula von der Leyen, announced on Wednesday.
“This app gives parents, teachers and caregivers a powerful tool to protect children. We will have zero tolerance for companies that do not respect our children's rights,” she said.
The European Commission says it is working on a harmonized EU-wide approach to age verification:
“The initiative aims to enable EU users to prove they are of age to access legally age-restricted websites, starting with the age of over 18 to access online adult content such as pornography, gambling, purchasing alcohol and more. It is a key step in supporting the implementation of the Digital Services Act.”
The solution can also be easily adapted to check other age categories, for example 13+, according to the cited source.
Australia introduced a ban on social media for under-16s in December, becoming the first country in the world to do so.
Various countries are considering or moving toward similar bans.
