Narendra Modi app shares private data of users with American firm without consent of users, says French Cyber Security Researcher
Narendra Modi app shares private data of users with American firm without consent of users, says French Cyber Security Researcher, Elliot Alderson (fs0c131y). Also he has been exposing loopholes in the Aadhaar security system as well as BSNL database system since January and reported via his Twitter handle.
The intend of Narendra Modi App ( NaMo App) is to extend the reach of Prime Minister on social media and collect the suggestions and feedback given by 50 Lakh+ users to feature in his talk “Mann ki Baat”.
Recently Prime Minister Office asked National Cadet Corps to collect Emails and Phone Numbers of cadets after downloading the Narendra Modi App in order to have a direct interaction with the Prime Minister of India. Opposition Party Congress had opposed this decision and also ran a campaign on twitter with the hashtag #DeleteNamoApp.
According to Elliot Alderson, when you create a profile in the official Narendra Modi App (Android App), it collects your device information as well as your personal data and sends it to a 3rd party domain called http://in.wzrkt.com . The device data are Operating system, Network type, Carrier and Personal data like your email, photo, gender, name etc. However users are unaware about all these things.
When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier …) and personal data (email, photo, gender, name, …) are send without your consent to a third-party domain called https://t.co/N3zA3QeNZO. pic.twitter.com/Vey3OP6hcf
— Elliot Alderson (@fs0c131y) March 23, 2018
Alderson said while explaining his findings that the Narendra Modi app after collecting the data sends them to that domain which is a phishing link classified by the company G-Data on Virustotal Site. The website is hosted by GoDaddy and the whois information is hidden.
After a quick search, this domain belongs to an American company called @CleverTap. According to their description, “#CleverTap is the next generation app engagement platform. It enables marketers to identify, engage and retain users and provides developers” says, Elliot Alderson.
What does the Narendra Modi App states:
When you install the app and goes to FAQ section of the app and read the some of its listed data it says:
1. When I share anything from Narendra Modi App, does the app store my credentials or personal data?
Ans. No, Narendra Modi App does not store your credentials or personal data related to your social media accounts, except for details of name and id and that too after your specifically given permission.
2. Why does Narendra Modi app seek various kinds of information from users while registering?
Ans. The Narendra Modi app requests information to customize content in your home feed according to your areas of interests and enrich your experience on the app.
3. Is the data we enter during registration safe?
Ans. The data your provide on the app is strictly private, housed safely and not passed on to anyone else.
In other tweets, Alderson said that I had a nice discussion with the App Team (via App team’s new twittter profile). Check below Image.
Notably, The Cyber Security Researcher Elliot Alderson has flagged security issues related to sharing of personal information and data breach in past too. Recently this year he found a loophole in BSNL’s website (an Indian state-owned telecommunications company) and reported to the concern department of the company.
It is not the unusual case where involvement of third party is there in application development. But the worrying thing is who will take responsibility if data shared with third party even for the improvement of user experience is misused ?. There should be an security audit every year like Indian Govt. orders the concerning authority to audit the departments related to transactions and other things.
What do you say about this indecent and share your thoughts in comment section below, how Indian Govt can secure your personal information ?