Comment by jeroenhd

They use attribute based attestation which should be mostly anonymous. The long term goal was also to implement zero knowledge proofs which would make things like age verification fully anonymous, but because of technical reasons and development constraints that idea seems to have been postponed.

The reason you can't distribute a huge amount of proofs is that the app won't let you. To make sure the app won't let you, the app tries to verify that you're not running a modified app or a modified system environment. That's the remote attestation that "bans any android system not licensed by Google".

These tokens are signed and only usable for a limited amount of time so you can't just generate a million of them and sell them for others to use.

If the app can't rely on the system working as it should, it'll need to contain less privacy-friendly measures for limiting large scale token abuse.

For the proof to be traced back to your identity, you'd need to be tracked consistently across websites, possibly with the aid of the government itself. If ZKPs make it into the app, tracking you is basically impossible.

Of course, if you're authenticating with your full name and birth date, when opening a bank account for instance, you're not going to get the anonimity benefits. Still, you do get to see what party you've authenticated with and get a button in the app to request deletion or report suspicious behaviour if you think it was a scam.