Platform-native Identity Threats to ID.me
ID.me
This risk matters because the companies that own the phone, login, and cloud stack can turn identity into a built in feature instead of a separate purchase. Apple and Google are already moving digital IDs into Wallet at the device layer, while Microsoft packages verifiable credentials inside Entra. If those credentials become widely accepted for government and enterprise access, ID.me gets pushed toward the hardest exception handling work instead of owning the main verification flow.
-
Apple is not just storing IDs, it now gives apps and websites a native Verify with Wallet flow, using Face ID or Touch ID and issuer backed credentials. That means a bank, insurer, or agency can ask for identity data inside an iPhone flow the user already trusts.
-
Google is building the same habit on Android. Google Wallet supports digital state IDs and passport based ID passes, and some apps, websites, and in store flows can already accept them for age and identity checks. That shifts distribution toward the operating system, not the standalone identity vendor.
-
Microsoft attacks from the enterprise side. Entra Verified ID lets companies issue and verify reusable credentials inside a broader identity suite, so identity proofing can be bundled into an existing security budget. That is the same bundling pressure hitting other auth vendors like WorkOS and Stytch from cloud platforms.
The next phase is a split market. Platform wallets will absorb the easy, high volume identity moments, while neutral providers win where cross platform reach, government procurement, and human fallback still matter. ID.me's future depends on becoming the trusted bridge across ecosystems, not just another wallet inside one of them.