My name is Modi, my app gives all info to US companies, tweets Rahul. PMO issues strong rebuttal
Two days after a French cyber expert claimed that Narendra Modi's app was releasing user information to third-party domain(s) without consent, Rahul Gandhi today decided to name and shame in a no-holds-barred attack.
The Congress president, in a tweet, took a dig at the Prime Minister and said, "Hi! My name is Narendra Modi. I am India's Prime Minister. When you sign up for my official App, I give all your data to my friends in American companies."
Hi! My name is Narendra Modi. I am India's Prime Minister. When you sign up for my official App, I give all your data to my friends in American companies.
Rahul Gandhi (@RahulGandhi) March 25, 2018
Ps. Thanks mainstream media, you're doing a great job of burying this critical story, as always. https://t.co/IZYzkuH1ZH
Notwithstanding the vitriolic attack, the Prime Minister's Office (PMO) released a statement minutes ago, mocking Congress and its accusatory chief for 'having zero knowledge of technology'.
The statement largely explains the contours of the NaMo app and goes on to counter the accusations of poor security features or deliberate data transfer to third parties.
Part of the statement reads:
Narendra Modi App is a unique App, which unlike most Apps, gives access to users in guest mode without even any permission or data. The permissions required are all contextual and cause-specific. For example, a selfie campaign requires access to the camera and/or photo gallery. Contact access is required to connect with friends or fellow party workers on the New India connect module. If a person has entered his email address and date of birth, he receives a personalised birthday greeting from the PM. Each function asks for the specific permission when access is required. The app does not ask for blanket permissions when the app is started.
The data exposed by the French Twitter user is the data entered by the user on his own device. This is not a security breach. The person does not have access to any data apart from his own data.
Data is being used for analytics using a third-party service, similar to Google Analytics. The data in no way is stored or used by the third-party services. Analytics and processing on the user data is done for offering users the most contextual content. This ensures that a user gets the best possible experience by showing content in his/her own language. It also enables a unique, personalized experience according to a person's interests. For example, a person who looks up content related to agriculture will get agriculture-related content prominently. A person from Tamil Nadu will get notifications in Tamil and get an update when the PM is in Tamil Nadu.
WHO IS THIS FRENCH CYBER EXPERT?
The French hacker who identifies himself as Elliot Alderson (@fs0c131y) has been tweeting about the loopholes in the security system of the app, and how it is allegedly sending user information, like name, contact address, interests, photo etc. to third-party domain/s.
When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier) and personal data (email, photo, gender, name, ) are sent without your consent to a third-party domain called https://t.co/N3zA3QeNZO. pic.twitter.com/Vey3OP6hcf
Elliot Alderson (@fs0c131y) March 23, 2018
He later posted screenshots of a conversation, reportedly with the NaMo app team, who reached out to him within minutes of his tweets.
One minute after my post on @narendramodi's #android app, the "App team" created a new Twitter profile to discuss with me. We had a nice discussion. In order to be fair, here is their first answer. pic.twitter.com/4JbdoSefpt
Elliot Alderson (@fs0c131y) March 24, 2018
NOT THE FIRST TIME
Back in December 2016, news portal YourStory carried a story about a 22-year-old Indian hacker, Javed Khatri, who claimed to have easily breached the security code of the app and accessed users' personal data.
Javed had mailed YourStory, detailing how he hacked the app, and had also offered to help the app developers.
Everything has been fixed by the app team. I am in touch with them. We had a good discussion regarding that. Would like to thank IT team
Javed Khatri (@IamJavedKhatri) December 2, 2016 (https://twitter.com/IamJavedKhatri/status/804731732020772864?ref_src=twsrc%5Etfw)