> These mobile driver’s licenses (mDLs) will be issued by state driver’s license agencies, but the standards incorporated into the TSA rule require that they be deployed through smartphone platforms (i.e. Google and/or Apple) and operate through government apps that collect photos of users and log usage of these credentials.

This is utterly ridiculous, at least for driving. Anyone who needs to validate that someone’s driver’s license is authentic should be well-equipped to query the relevant state’s database and look it up. Just like how they would search for outstanding warrants, Amber Alerts, etc.

With that in mind, surely it should be legal to drive with a photo of one’s driver’s license, a copy of one’s license, any app whatsoever that can display a license, etc. There is basically no security added by a fancy add by an approved contractor — at most they can do some “device posture” crap to sort of prove to a reader that the app thinks that the phone it’s on really does belong to the owner of the license, which is a silly form of security by overcomplication. If I want to pretend to be my friend, I can borrow their phone or their actual drivers license just fine.

I'm with you in spirit, but I think the threat model they're trying to address is someone passing as you and needing only biometrics or a little personal information to succeed. Maybe your sibling looks enough like you, or someone acquired your ID and then alters their appearance to match. If your one true ID is a single physical token, then this threat is harder to pull off.

This is also why IDs are not accepted when they expire -- if they were accepted, then my underage brother might take my old one to buy beer. I've been in the ridiculous situation of saying "I know my ID has expired, but I assure you I have not. I'm still me."