This is absolutely insane, this supposedly is built to handle our identification and personal information of the whole EU.
Other issues:
- Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying.
- “UseBiometricAuth” is a boolean, also in the same file. Set it to false and it just skips that step.
Oh my god what. Did they let Claude write this? I mean… fucking hell…
At least in Germany you don’t need slop to write completely broken government software, we’ve been doing that for decades.
And afterwards they tell some whiny tale how the people are to blame and cry about those backward Germans opposing digitalisation.
When in reality there is only broken bullshit and so it becomes second nature to avoid it (like for example of course officially objecting to your participation in the new digital medical file years before the roll out… so about a year and a few days before the data of the few who missed it gets leaked).
Honestly Claude would probably do a better job …
The README.md file also has lovely emojis in it. Their documentation writer is either a 14 year old or generated with an LLM in places.
Huh, where did you find emojis? I found one lightbulb emoji in the iOS README. And some in their bio. But that’s basically it for the 7 READMEs of the various sub-projects?!
There’s a couple on the root org readme:
https://github.com/eu-digital-identity-wallet
Is it affirmative of AI? It’s not a good look for what should be one of the utmost professional software projects in the EU.
Ah, I get it. Yes. That section is weird. And it’s unalike the bureaucrat English around it. And I’d say the call to action: “Embark on a journey […]” is pretty much like ChatGPT sounded 2 years ago. I’m fairly certain the other text comes from humans with some expertise in writing legalese or specifications, and this will be a ChatGPT snippet.
The committer also has this weird habit of naming their commits “Update Readme.md”. So I’m also fairly sure they’re not your average open-source developer using Git how it’s intended.
Most other markdown files in that specific directory smell of ChatGPT as well.
Remember guys, it’s not if there’s a data breach, but when.
My first thought was, has someone considered filing a bug report? But boy are the issues and PRs bad. Someone linked the Xitter post, though.
https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui
Dunno what kind of state the project is in. Seems development is very active. Maybe it’s more an early tech demo? But they should probably be more upfront, if it is… And not have Ursula announce this is an App?!
And does the EU Wallet App (which it is forked from) contain the same basic design flaws?
I mean, unless there’s an advertised and honored bug bounty I wouldn’t report it. If you want me to fix your shit software you’re going to pay me for it, and pay me well.
Well, in theory it’s your software anyway… In case you’re an EU citizen.
Not really following this one:
During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory. 1. It shouldn’t be encrypted at all - that’s a really poor design.
Isn’t the PIN supposed to be a secret? Why would it be bad to encrypt it?
There is no point to this.
It’s a pin, why would you store it at all? Why would you put a password on your password and store it?
edit: Just for those who don’t do software development: it’s considered generally bad practice to store the plain text of a password (encrypted or not).
The correct approach is to run the password through a one-way hash algorithm and store the result. The hash algorithm always produces the same result for any given password, but it is very difficult to do the reverse and figure out what password was used to generate what result.
So you store the result on your side and when the user submits a password you run it through the same one way hash algo and compare the result with the one you have on file. If they match the password is correct.
Any developer who has ever made baby’s first Login should know this stuff; it’s very basic web development.
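As an added illustration of the hash-and-compare flow described in the post above (example code written for this thread, not taken from the wallet project), here is a minimal PIN verifier in Python. It assumes PBKDF2-HMAC-SHA256 with a random per-record salt as the one-way function, a common choice the post does not name, and folds in a failed-attempt counter to connect with the rate-limiting point raised earlier in the thread. Only the salt, the derived hash and the counter are ever written out; the PIN itself is not.

```python
import hashlib
import hmac
import json
import os

# Assumed parameters for this example: PBKDF2-HMAC-SHA256 with a
# work factor in the range commonly recommended for that KDF, and a
# fixed number of wrong guesses before the verifier refuses to check.
PBKDF2_ITERATIONS = 600_000
MAX_ATTEMPTS = 5


def make_pin_record(pin: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Derive a salted verifier from the PIN. The PIN is not stored;
    only salt + hash + parameters are, so the record alone does not
    reveal the PIN."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, iterations)
    return {
        "salt": salt.hex(),
        "hash": digest.hex(),
        "iterations": iterations,
        "failed_attempts": 0,
    }


def verify_pin(record: dict, candidate: str) -> bool:
    """Re-derive the hash for the candidate and compare it in constant
    time with the stored one. Refuses to check once the record is locked
    out, and updates the failed-attempt counter on the record."""
    if record["failed_attempts"] >= MAX_ATTEMPTS:
        return False  # locked out: not even the right PIN is accepted
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        candidate.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    ok = hmac.compare_digest(digest, bytes.fromhex(record["hash"]))
    if ok:
        record["failed_attempts"] = 0
    else:
        record["failed_attempts"] += 1
    return ok


def serialize_record(record: dict) -> str:
    """What would actually land on disk: no PIN, encrypted or otherwise."""
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    rec = make_pin_record("123456")  # constructed sample PIN
    print("stored record:", serialize_record(rec))
    print("correct PIN accepted:", verify_pin(rec, "123456"))
    print("wrong PIN accepted:", verify_pin(rec, "000000"))
    print("failed attempts so far:", rec["failed_attempts"])
```

Two caveats a practitioner would attach to this. First, the attempt counter shares the fate of wherever it is persisted: if it lives in a file the device user can edit, resetting it is exactly as trivial as the thread describes, so the counter needs to sit somewhere the app's own user cannot rewrite. Second, a 4- or 6-digit PIN has at most a million possible values, so once the stored record leaks, an attacker can simply try every PIN offline against the salt and hash regardless of how it was hashed; a slow KDF makes that slower, not impossible, which is why lockout and hardware-backed protection carry most of the weight for PINs.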


