This project is not THE digital wallet, it is an early prototype of the wallet (which can be criticized for what it is, but the issue is somewhat orthogonal).
The actual infrastructure is not based on attenstation, if you read the guidelines (or the readme) they actually want to implement a double-blind approach with ZKPs, which imo is significantly better than a challenge-response pub key system in term of privacy as some suggested. And allows for cross-platform (and in theory hardware) support.
If you're not familiar this would mean the verifier doesn't learn anything except a statement about attributes (age, license, etc); and the EU doesn't learn what attributes have been tried to verify or by who.
Even if it is ZKP still… whole idea is just bad. I mean whole age-veryfication done by gov is bad.
And forcing one to use smartphone is even worse.