At the beginning of 2018, I analysed the official Android app of an Indian governmental program called Aadhaar. Aadhaar is a 12-digit unique identity number that can be obtained by residents of India, based on their biometric and demographic data. With 1.234 billion holders, Aadhaar is the biggest identification program in the world.
The surprise was huge when I discovered multiple vulnerabilities in this application used by millions of people.
From the analysis of the app, the description of the vulnerabilities, and the attempt at responsible disclosure to the Indian Government, to the media impact of this work, this presentation gives the full story of this incredible journey.