/Aadhaar-Offline-KYC-Android-Library

:iphone: :star: Publish this Android library as a open source to easily implement Offline KYC using Aadhaar Secure QR Code in Android app without any external SDK and API.

Apache License 2.0Apache-2.0

Offline KYC using Aadhaar Secure QR Code - Android Library

Hello Guys, I have created and publish this Android library as a open source to easily implement Offline KYC using Aadhaar Secure QR Code in Android app without any external SDK and API.

What is Secure QR Code in aadhaar:

Secure QR Code currently presents on Aadhaar print-letter and e-Aadhaar. It contains only the demographic information of the Aadhaar holder. UIDAI is replacing the existing one with a new Secure QR Code which will now contain demographics as well as photograph of the Aadhaar holder. Information in Secure QR Code will be made secure and tamper-proof by signing it with UIDAI digital signature

Requirement for this library

For Developer: You need to download updated public certificate from UIDAI web site. currently i added all required updated certificate in it.
For App User : User need to generate secure qr code if it has old aadhar print because UIDAI regularly maintain security for our Indian residence (aadhaar card holder) and old aadhaar card is not generated with Digital Signatures Certificate.

How it Works

1. Scan Secure aadhaar QR and pass response 2. Internally check, validate with Digital certificate and Return aadhaar user details 3. You can perform Offline KYC using inputing mobile number & email if connect with aadhaar card.

Implementation

You can clone this repository and import this project in Android Studio.

Using Gradle

In your build.gradle file of app module, add below dependency to import this library

    dependencies {
      implementation 'com.gpfreetech:aadhaarofflinekyc:1.1'
    }

In Your Working Activity

In Android app, Create activity and implement step where you want to add. In demo app I have already created MainActivity.java

Initializing AadhaarParser :

See below code.

 AadhaarParser aadhaarParser=AadhaarParser.getInstance(this);

 aadhaarParser.parse("YOUR_AADHAAR_CARD_SCAN_STRING", new OnAadhaarResponse() {
                                    @Override
                                    public void onAadhaarResponse(AadhaarUser aadhaarCard) {
                                       
			// aadhaarCard is your user model object
                                        Intent intent = new Intent(getApplicationContext(), ProfileActivity.class);
                                        intent.putExtra("card", aadhaarCard);
                                        startActivity(intent);
                                    }
                                });

Return Field Details:

Method Description
getUid() this method use to get user uid. Uid in the form of XXXLASTDIGIT .i.e mask format or uid converted as RefId in Secure QR code. Uid is use to verify Mobile number and email address
getName() use to get user name
getAddress() get full address of aadhaar user
getDob() get DOB of user. It may be full DOB or only year. it depend on aadhaar detail
getGender() use to get aadhaar user gender in format of "M", "F" or 3rd is common this is not fixed format
isVerified() This is imp boolean return method, which is used to check Secure QR code is generated by valid digital certificate and also check in offline with valid digital certificate as per UIDAI SECURE QR CODE specification guidelines.
getEmail() return email address in encoded format which is use to verify with user input for offline KYC. NOTE: if qr code response from old / normal aadhaar card then email return in XXX format .i.e. mask format. This string is not used for offline KYC
getMobile() return mobile number in encoded format which is use to verify with user input for offline KYC. NOTE: if qr code response from old / normal aadhaar card then mobile number return in XXX format with last digit .i.e. mask format. This string is not used for offline KYC

Perform offline KYC after scan:

To verify input mobile number with scanned user:

     boolean isMobileVerify = aadhaarParser.verifyUserDetail(aadhaarCard.getUid(),"INPUT_MOBILE_NUMBER", aadhaarCard.getMobile());

To verify input email address with scanned user:

     boolean isEmailVerify = aadhaarParser.verifyUserDetail(aadhaarCard.getUid(),"INPUT_EMAIL_ADDRESS", aadhaarCard.getEmail());

Set Callback Listeners for response

To register for callback events, you will have to set ``OnAadhaarResponse` with instance as below.

        aadhaarParser.parse("YOUR_AADHAAR_CARD_SCAN_STRING",this);

Description :

  • OnAadhaarResponse() - This method is invoked when decoding is completed and ready to return aadhaar user details in complete model class format.
   @Override
   public void onAadhaarResponse(AadhaarUser aadhaarCard) {
                   // aadhaarCard is your user model object           
      }
   });

Important Note for indian aadhaar card Holder

Don't share your secure qr code and Offline XML zip file with an unknown or unauthorised person. Infact if you share your XML zip for offline KYC then please ensure that they are deleted or not.

Don't scan your aadhaar qr code with unauthorised person or mobile application which is available on the internet.

Download application from real app stores and check application (INTERNET) permission before scan your QR Code image from any qr code reader app.

Why,
Because, QR code is less than 1500 bytes of data. A 1 GB USB drive can hold approximately 5 lakh such QR codes. It is possible for someone to print and misuse stolen QR codes and Low resolution photos make it harder for service providers to identify unauthorised use. Even in the case of offline KYC XML, the file size is less than 15 kB.

I agree, Your data is secure with digital signatures, But similarly your data is unsecured with digital signature. Most important thing in the digital world is user precaution about sharing info rather than depending on system security.

Suggestions are welcome.

Contribute

If you have any issues or ideas about implementations then just raise issue and we are open for Pull Requests. You All Welcome.