Reach security professionals who buy.

850K+ monthly readers 72% have budget authority
Advertise on MyPrivacy.blog →

On April 28, 2026, Google and India’s Unique Identification Authority of India (UIDAI) announced that Aadhaar Verifiable Credentials can now be stored and presented directly from Google Wallet. The pitch is seamless and convenient: instead of carrying a physical Aadhaar card or opening a government app, Indians can now tap their phone to prove identity at banks, airports, and government offices. Google frames it as “limited data sharing” — the wallet confirms what needs confirming without exposing the underlying biometric record.

What the press release doesn’t dwell on is the infrastructure this normalizes. A US technology company is now the primary consumer distribution channel for the world’s largest biometric identity system — one that has already leaked the personally identifiable information of 815 million people onto the dark web, that research has linked to suppressed political participation among marginalized communities, and that India’s own courts have repeatedly struggled to constrain. The convenience is real. So is everything underneath it.

What Aadhaar Actually Is

Aadhaar is not a login system. It is a national biometric registry that has issued unique 12-digit identity numbers to over 1.4 billion people — effectively every Indian resident. The system handles roughly 2.5 billion authentication transactions per month and has processed tens of billions of electronic “know your customer” checks since launching in 2009. It is, by any measure, the most ambitious civilian identity infrastructure ever built.

The biometric record behind each number includes fingerprints from all ten digits, iris scans from both eyes, and facial photographs. These are stored centrally by UIDAI and used to verify identity when someone authenticates. The system has been progressively extended from its original government-services purpose into banking (mandatory for many accounts), mobile SIM registration, taxation, welfare programs, and now — through the January 2026 offline verification framework — into private-sector identity checks of all kinds.

The Google Wallet integration uses “Aadhaar Verifiable Credentials,” a newer technical standard designed to allow selective disclosure. In theory, a user can prove they are over 18 without revealing their date of birth, or confirm their name without exposing their full Aadhaar number. The credential is stored on the device rather than retrieved from UIDAI’s servers at the moment of verification. Google’s documentation emphasizes that the underlying biometric data is not transmitted during a Wallet-based check.

That is the best-case version of how the system works. The history of Aadhaar suggests the gap between the best-case version and operational reality deserves scrutiny.

The Security Record

In October 2023, a threat actor posted on a dark web forum claiming to sell the personal data of 815 million Indian citizens — names, phone numbers, addresses, and Aadhaar numbers — sourced from the Indian Council of Medical Research. Subsequent reporting confirmed the breach was real. The World Economic Forum later identified it as the largest biometric identity breach on record globally.

That was not the first. In 2018, a Tribune India investigation found that anonymous operators on WhatsApp were selling unauthorized access to Aadhaar’s database for 500 rupees — roughly six dollars — per search. UIDAI disputed the characterization and filed a complaint against the journalist. In 2019, a French security researcher documented hundreds of millions of Aadhaar records exposed through unsecured government and insurance portals. UIDAI’s standard response to breach disclosures has been to deny the severity of the exposure and to pursue the messengers.

The structural problem is elementary: when you build a system where one database holds the biometric identifiers of an entire nation, and you make that database the authentication backbone for banking, healthcare, welfare, and telecommunications, the blast radius of any breach is categorical. Unlike a password or a credit card number, a fingerprint or iris scan cannot be reissued. The 815 million people whose Aadhaar data reached the dark web cannot change their biometrics.

The Surveillance Effect

Beyond breach risk, researchers have documented a quieter harm: the chilling effect of mass biometric surveillance on political behavior.

Studies of Aadhaar’s rollout found that awareness of government surveillance capability — even without evidence of active monitoring — measurably reduced political participation among marginalized communities. Populations most dependent on government welfare programs, where Aadhaar authentication became mandatory for benefit access, showed reduced willingness to participate in protests, contact opposition politicians, or engage in organized advocacy. The mechanism is not complicated: if your ability to receive food rations, access your bank account, or maintain your mobile SIM depends on a government-controlled authentication system, the calculus around political dissent changes.

Civil liberties and digital rights organizations have raised this concern consistently through Aadhaar’s expansion. Their position has not changed with the Google Wallet integration. If anything, the normalization of Aadhaar as a consumer convenience — something you pull up alongside your boarding passes and loyalty cards — accelerates the pace at which the system becomes too embedded to meaningfully contest.

What “Limited Data Sharing” Actually Means

The phrase Google and UIDAI are using — “limited data sharing” — refers to the selective disclosure properties of Verifiable Credentials, a W3C technical standard. The credential is cryptographically signed by UIDAI, stored on the user’s device, and can be presented to a verifier who checks the signature without querying the central database.

In principle this is a meaningful privacy improvement over the older model, where every Aadhaar authentication pinged UIDAI’s servers and created a log of where, when, and for what purpose the credential was used. Selective disclosure means a pharmacy can confirm you are an adult without learning your exact birthdate. An airport can confirm your name matches your ticket without seeing your address.

In practice, several questions remain unanswered. Who stores the logs of Wallet-based presentations? Google’s infrastructure handles the credential storage and presentation — what telemetry does Google collect about when and where Aadhaar credentials are used? What happens to a user’s Aadhaar Wallet credential if their Google account is suspended, hacked, or subpoenaed? Indian law allows broad law enforcement access to digital records; does that access extend to Aadhaar credentials stored on Google’s infrastructure? Neither UIDAI nor Google has published answers.

The Template Problem

The deeper issue with the Google Wallet integration is not specific to India. It is the template it establishes.

Governments worldwide are building national digital identity systems: the EU Digital Identity Wallet, set to launch across member states in 2026. The UK’s digital driver’s license. Australia’s Digital ID Act. Mexico’s biometric CURP, currently requiring all 130 million phone users to link their SIM to a government biometric record by June 30, 2026. Each of these systems faces the same structural question that Aadhaar has been living with for fifteen years: who controls the infrastructure, who can access the logs, and what happens when the system is breached or the political environment changes.

The Google Wallet integration answers the distribution question for Aadhaar in a way that will be studied by every government building a digital ID program: partner with a platform that users already trust and already carry. The friction of adoption drops to near zero. The uptake accelerates. The system becomes load-bearing infrastructure before the policy debates about oversight and accountability are resolved.

That is not hypothetical. It is what happened with Aadhaar. It took fifteen years and a Supreme Court ruling — which found parts of the system unconstitutional — to establish even the current, imperfect limits on how Aadhaar data can be used. By the time those limits were established, Aadhaar was so deeply embedded in Indian civic and economic life that the Supreme Court explicitly declined to order it dismantled. Systems that are convenient enough, and embedded enough, become permanent.

What to Watch

If you are an Indian user considering the Google Wallet integration: the selective disclosure architecture is genuinely better than the older authentication model. But “better than before” does not mean “safe.” Read what Google’s terms say about data retention for government credential presentations. Understand that your Aadhaar credential is now one Google account compromise away from being accessible to whoever controls your account.

If you are watching this as a global privacy question: the Aadhaar-Google Wallet partnership is the clearest case study available of what it looks like when a national biometric identity system reaches scale and then recruits a Big Tech distribution partner to normalize it. The EU, UK, Australia, and Mexico are all building systems that will face the same moment. The decisions made now about audit rights, access logs, law enforcement interfaces, and data minimization will determine whether those systems are meaningfully different from Aadhaar — or whether they arrive at the same place through a faster route.

Privacy Resources

For organizations navigating biometric data compliance, vendor risk, and cross-border identity system requirements, CISO Marketplace provides privacy program assessments and vCISO consulting services.

Sources: Google and UIDAI announcement, April 28, 2026; TechCrunch on Aadhaar expansion; Business Standard on Google Wallet integration; World Economic Forum Global Risk Report on the 815 million record breach; Yale Insights on Aadhaar and political participation; The Paypers on UIDAI expansion; UIDAI offline verification framework, January 2026.