UIDAI provides you with an API not an application. Application can be developed by anyone who has license from UIDAI. You can program your application to record the fingerprint, send it to UIDAI for verification and you also have the option to store it or not to keep it. In an ideal world you are supposed to follow the rules. But, in the real world people still chose to break rules and we have criminals. The layman(customer executive) here was used as an example to make people understand. Any third party service like the airtel has ability to store the finger print and replay it. I agree, there are rules. But, they can break it.

Bharti Airtel used the Aadhaar-eKYC based SIM verification process to open payments bank accounts of its subscribers without their ‘informed consent’.

UIDAI Bars Airtel, Airtel Payments Bank from Conducting Aadhaar-based SIM Verification

In this case they were banned but that need not happen every time. This was because they did it to a massive number of people.

Third party services can break the rules and argue that the customer themselves did it.