After a French security researcher Elliot Alderson claimed in a series of tweets that official mobile app of Indian PM Narendra Modi is sending personal information of its users to a third party website in.wzrkt.com, various media outlets fact-checked his claim and found it to be TRUE. Notably on Android alone, the Narendra Modi App is downloaded over five million times.
When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier …) and personal data (email, photo, gender, name, …) are send without your consent to a third-party domain called https://t.co/N3zA3QeNZO. pic.twitter.com/Vey3OP6hcf
— Elliot Alderson (@fs0c131y) March 23, 2018
The ruling BJP however has denied the allegations and said the data was being used only for analytics to offer all users the “most contextual content”.
In an another media report, the reporter used a popular tool called Burp Suite in order to trace where the data was being sent. The findings showed that as a user kept entering personal information such as name, email address, gender and city, the data was being shared with the website in.wzrkt.com. According to the Whois information, the domain in.wzrkt.com belonged to a company called WizRocket Inc which is registered in California and the data is being sent to a server in Mumbai. WizRocket is a data analytics platform developed by a US-India based company called CleverTap, which is a startup founded by Indian entrepreneurs – Anand Jain, Sunil Thomas and Suresh Kondamudi in 2013 (Just a year back when Narendra Modi became PM). Clevertap is backed by Sequoia, Accel Partners and and Japan’s Recruit Holdings.
Experts say that data shared with political parties is prone to misuse. Srinivas Kodali, a cybersecurity expert said in a statement to NDTV, “It can be misused by sharing with private companies like Cambridge Analytica which could build voter profiles of volunteers who are active through the Narendra Modi application.”
IndianWeb2 has sent an email to CleverTap for their responses and is yet to receive them. The story shall be updated once a response is received.
It is to be noted that before tweeting about privacy breach of PM’s official app, Elliot Alderson has previously highlighted vulnerabilities in India’s national identity card project Aadhaar.
Last August, whistle-blower agency Wikileaks released a report wherein it stated that US-based Central Intelligence Agency (CIA) is using tools devised by US-based technology provider Cross Match Technologies for cyber spying that may have comprised entire database of India’s Aadhaar having data of over 1.2 million Indian citizen.