惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Vercel News
Vercel News
Recorded Future
Recorded Future
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
The GitHub Blog
The GitHub Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Google DeepMind News
Google DeepMind News
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Microsoft Azure Blog
Microsoft Azure Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
M
MIT News - Artificial intelligence
云风的 BLOG
云风的 BLOG
Y
Y Combinator Blog
N
News | PayPal Newsroom
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Help Net Security
Help Net Security
博客园 - Franky
SecWiki News
SecWiki News
Recent Announcements
Recent Announcements
T
Troy Hunt's Blog
The Register - Security
The Register - Security
The Last Watchdog
The Last Watchdog
Webroot Blog
Webroot Blog
S
Security Affairs
博客园 - 司徒正美
S
Schneier on Security
I
InfoQ
博客园_首页
www.infosecurity-magazine.com
www.infosecurity-magazine.com
T
Threat Research - Cisco Blogs
Forbes - Security
Forbes - Security
腾讯CDC
N
Netflix TechBlog - Medium
N
News and Events Feed by Topic
Cloudbric
Cloudbric
T
The Exploit Database - CXSecurity.com
P
Proofpoint News Feed
A
About on SuperTechFans
Engineering at Meta
Engineering at Meta
Recent Commits to openclaw:main
Recent Commits to openclaw:main
B
Blog
V
Vulnerabilities – Threatpost
C
Check Point Blog
Google DeepMind News
Google DeepMind News
Google Online Security Blog
Google Online Security Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
Cisco Blogs
Schneier on Security
Schneier on Security
O
OpenAI News
K
Kaspersky official blog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
What is World App? Inside the wallet, ID and mini apps
Anupp · 2026-06-19 · via DEV Community

If you have spent any time reading about World ID or Worldcoin and found yourself more confused after, you are not alone.

The naming is dense. World App, World ID, Worldcoin, World Chain, World Network. They are related but they are not the same thing, and most explainers either treat them as interchangeable or go so deep on one that the others disappear.

This article separates them clearly. It starts with World App because that is the thing most people encounter first, then works outward to what World ID does inside it, what mini apps are and how Worldcoin fits in.

If you want the deeper layer on how proof of human works cryptographically, What is World ID? How proof of human works without revealing who you are covers that in full. For the broader context on where this sits inside the digital identity landscape, Digital identity in 2026: what it is and why it is changing fast is the place to start.

What World App actually is

World App is a mobile application developed by Tools for Humanity (TFH). It is available on iOS and Android, free to download.

The simplest description: World App is a super app that combines three things in one interface.

  • A self-custody digital wallet
  • A World ID credential manager
  • A platform for mini apps built by third-party developers

In September 2025, World App became the most-used self-custody digital wallet globally by monthly active users, according to SensorTower data on self-custodial wallets. Someone signs up for World App every 1.7 seconds. Every 3.6 seconds, someone verifies at an Orb.

Those are not vanity metrics. They matter because the utility of a credential network scales with how many places accept it and how many humans hold it. World App is the primary interface through which both of those things happen.

The three layers: wallet, ID and mini apps

Layer 1: The wallet

The wallet in World App is self-custody. That means you hold your own private keys. TFH does not control your funds and cannot freeze or access them.

The wallet supports:

  • Worldcoin (WLD): the native token of World Network
  • USDC: Circle's USD-pegged stablecoin
  • EURC: Circle's euro stablecoin, launched on World Chain in late 2025
  • Other digital assets supported on World Chain

The wallet is designed for practical use, not just holding. World Chat, secured by XMTP, is available natively to all World App users, bringing together proof of human, global payments and mini apps in a single experience. You can send funds to contacts directly from the chat interface, which removes the friction of switching between an app and a separate payments flow.

Usernames are now supported in the wallet, so P2P transfers work by username rather than requiring a wallet address. For anyone who has tried to copy-paste a 42-character Ethereum address on a mobile keyboard, this matters.

A note for US users: Worldcoin (WLD) distribution via World App is not available in New York state due to regulatory restrictions. The wallet itself and all other features are accessible. Check the World App support documentation for the current list of geo-restrictions before building any integration that assumes token distribution.

Layer 2: World ID

World ID is the credential layer inside World App. It is not a login system in the traditional sense. It is a proof of human credential — a way to prove you are a unique biological human to any service that accepts World ID, without disclosing your name, address or any other personal data.

The mechanism in brief: the Orb, a hardware device, takes images of your face and eyes to verify you are a unique human. Those images generate a mathematical hash called an IrisCode and are then deleted. Zero-knowledge proofs (ZKPs) let you prove your World ID is valid to any service without exposing the underlying data.

The result: when you connect World ID to Tinder, Zoom, a ticketing platform or any other supported service, that service receives cryptographic proof that a unique human is behind the account. It does not receive your name, your IrisCode or any information that links your usage across services.

For the full technical explanation of how ZKPs work in this context and what the system does and does not collect, see the World ID pillar on Hashnode.

As of April 2026, World ID has over 18 million Orb-verified humans across more than 160 countries (source: World).

Layer 3: Mini apps

Mini apps are web applications that run natively inside World App. They were introduced in October 2024 and have grown significantly since.

World mini apps hit 100 million downloads and 1.5 billion opens as of October 2025. As of January 2025, mini apps were seeing as many as 5.4 million opens per day from over 1 million unique humans.

Mini apps span several categories including gaming, social networking, finance and prediction markets. Notable examples include Polymarket, which lets World App users participate in prediction markets using WLD or USDC directly from their wallet.

The developer angle is relevant here. World runs a Developer Rewards program that rewards qualifying developers on a monthly basis based on how many verified humans use and benefit from their applications, with an initial pilot targeting $300K USD in rewards paid in WLD. The incentive is structured around verified human engagement specifically — not raw traffic or installs. That design choice reflects the broader World thesis: human-verified usage is worth more than bot-inflated numbers.

If you are building for World App, the World developer documentation covers the mini app SDK, World ID integration and World Chain tooling.

How the three layers connect

This is the part that most explainers skip over.

World App, World ID and Worldcoin are designed to reinforce each other. The connection is not just technical — it is structural.

World ID creates a verified human population. Mini apps serve that population. The wallet moves value between them. World Chain provides the settlement layer that makes the whole thing composable.

A concrete example: a mini app developer builds a prediction market inside World App. Because World ID gates access, the developer can guarantee that each participant is a unique verified human. That guarantee changes the quality of the market. The wisdom-of-crowds effect that prediction markets rely on works better when each participant is a real, unique human rather than one person with many accounts or a bot.

This is why World Chain is maintaining the highest UOPS/TPS ratio of any Ethereum blockchain according to L2Beat, which provides a strong signal that World Chain is mostly comprised of real humans using apps and not bots doing automations.

The proof of human layer makes the whole network more useful — for developers, for users and for any service that integrates World ID.

World App vs World ID: the clearest way to separate them

This is the question that causes the most confusion. Here is the simplest frame:

World App is the mobile application. It is the interface. You download it, use it to manage your wallet, access your World ID and open mini apps.

World ID is the credential. It is the proof of human that World App houses but does not own. You can use World ID outside of World App — on websites, in other apps, wherever a service has integrated it.

The relationship is similar to Apple Wallet and your driver's license. Apple Wallet is the app. Your license is the credential. The license has utility outside the app. The app makes the license easy to carry and present.

Worldcoin (WLD): what it is and what it is not

Worldcoin is the token that runs on World Chain. It is not the same as World App, World ID or World Network.

Worldcoin is a utility token used within the network for transaction fees, developer rewards and in certain mini apps. It is listed on major exchanges.

What it is not: Worldcoin is not required to use World App. You do not need WLD to hold World ID, to send USDC or to use mini apps. The token is one part of the network, not a prerequisite for the rest of it.

US-specific note: WLD is available on centralized and decentralized exchanges but is subject to geographic restrictions for in-app distribution. New York residents cannot receive WLD distribution via World App directly. This is a regulatory restriction, not a technical one. Check World App support for current availability in your state.

What World App does not do

Being clear about the limits is as useful as describing the features.

World App does not:

  • Store your biometric images. The Orb takes images of your face and eyes to generate an IrisCode. The images are deleted. World App holds the credential, not the underlying biometric data
  • Collect your name, address, phone number or government document
  • Track which services you use World ID with. ZKPs make usage unlinkable across applications by default
  • Guarantee WLD availability in all US states. New York has specific restrictions

For developers integrating World ID into external applications: World ID verification happens through the World ID API. Your application receives a nullifier hash that proves a unique human confirmed the action, without receiving any personal data. The FIDO Alliance authentication standards are complementary to this approach for account-level security.

US context: why this matters right now

For a US audience, World App lands at a specific moment in a specific conversation.

The FTC recorded over $12.5 billion in fraud losses in 2024, a 25% increase over 2023. Romance scams, account takeovers and synthetic identity fraud are the categories driving the steepest growth. These are problems that centralized authentication — email, phone, CAPTCHA — does not structurally solve.

Biometric data collection is governed at the state level in the US, with the Illinois Biometric Information Privacy Act (BIPA) as the most litigated framework. Texas, Washington and California have equivalent statutes. The fact that World App deletes biometric images after generating the IrisCode is directly relevant to how these laws apply — though anyone with compliance obligations in these states should review the applicable statute directly.

Deepfake legislation is moving through Congress. The DEFIANCE Act, which targets nonconsensual deepfake content and gives victims civil rights of action, passed the Senate unanimously in 2024 and was reintroduced in 2025. Zoom's integration of World ID's Deep Face feature for video meeting participant verification sits directly in this legislative context.

The point is not that World App solves these problems unilaterally. It is that the problems are real, US-specific and growing, and World App is one of the few production-scale implementations of a structural alternative to behavioral bot checks and centralized credential storage.

Summary

  • World App is a mobile application that combines a self-custody wallet, a World ID credential manager and a mini app platform
  • The wallet supports WLD, USDC, EURC and other digital assets on World Chain. Note that WLD distribution via World App is restricted in New York state
  • World ID inside World App is a proof of human credential. It proves you are a unique human to connected services without disclosing personal data. Biometric images are deleted after IrisCode generation
  • Mini apps are third-party web applications that run natively inside World App. They had over 100 million downloads and 1.5 billion opens as of October 2025
  • World App, World ID and Worldcoin are distinct but interconnected. You do not need WLD to use World ID or the wallet
  • As of April 2026, World ID has over 18 million Orb-verified humans across more than 160 countries

Frequently asked questions

Is World App available in the US?

Yes. World App is available on iOS and Android in the US. Note that WLD token distribution via World App is restricted in New York state. The wallet, World ID and mini apps are accessible across the US, subject to individual mini app availability in your location.

Does World App collect personal data?

No name, address or phone number is collected. The Orb takes images of your face and eyes to generate an IrisCode. The images are deleted after generation. The IrisCode is a mathematical hash that cannot be reversed into the original image and does not contain identifying information.

What is the difference between World App and World ID?

World App is the mobile application. World ID is the credential it houses. World ID can be used outside World App, on any service that has integrated it. Think of World App as the wallet and World ID as one of the cards inside it.

What are mini apps and how do I build one?

Mini apps are web applications that run natively inside World App. They are built using standard web technologies and the World mini app SDK. Developer documentation is at docs.world.org. World also runs a Developer Rewards program that pays qualifying developers in WLD based on verified human engagement with their apps.

Is Worldcoin the same as World App?

No. Worldcoin (WLD) is the token. World App is the application. You can use World App without holding or using WLD.

How does World ID work with BIPA and US biometric privacy laws?

The Orb takes images of your face and eyes and immediately generates an IrisCode from them. The images are then deleted. The IrisCode is stored as a hash, not as biometric imagery. How this interacts with Illinois BIPA, California CPRA and equivalent state statutes depends on your specific compliance obligations. Review the BIPA statute directly or consult legal counsel for compliance-specific guidance.

Can I integrate World ID into my own application?

Yes. World ID has a public API and SDK. Integration lets you request proof that a user is a unique verified human. Your application receives a nullifier hash rather than any personal data. See docs.world.org for the integration guide.

Related links