After a French security researcher Elliot Alderson claimed in a series of tweets that official mobile app of Indian PM Narendra Modi is sending personal information of its users to a third party website, various media outlets fact-checked his claim and found it to be TRUE. Notably on Android alone, the Narendra Modi App is downloaded over five million times.

One of the media outlets called Alt News has fact-checked the Alderson's claim, which can be read here and the video here is a live demonstration of the fact-check.

After Anderson tweeted about the privacy breach by PM's app, the privacy policy on PM Narendra Modi’s website has quietly been changed to accommodate for this lapse an cover-up this issue,. A screenshot of the present policy and policy on 23rd March (Before Anderson's Tweet) can be seen below.

[caption id="attachment_123662" align="aligncenter" width="699"] Privacy Policy on 23 March and before[/caption]

[caption id="attachment_123663" align="aligncenter" width="700"]Privacy Policy after Elliot Anderson's Tweet Privacy Policy after Elliot Anderson's Tweet[/caption]

The changes to the privacy policy have been made in a way that attempts to avoid notice or attention since neither the verified Twitter account of the Prime Minister nor the verified account @narendramodi_in which claims to be the “Twitter account of – Shri Narendra Modi’s personal website & the Narendra Modi Mobile App.” acknowledged the issue.

While the PM’s website (23 March) claimed that personal information would not be provided to third parties in any manner whatsoever without the consent of the user, it was doing exactly the opposite. These hurried changes to the privacy policy further go on to prove that there was a clear privacy breach by PM Narendra Modi’s mobile app.

The ruling BJP however has denied the allegations and said the data was being used only for analytics to offer all users the "most contextual content".

In an another media report, the reporter used a popular tool called Burp Suite in order to trace where the data was being sent. The findings showed that as a user kept entering personal information such as name, email address, gender and city, the data was being shared with the website According to the Whois information, the domain belonged to a company called WizRocket Inc which is registered in California and the data is being sent to a server in Mumbai. WizRocket is a data analytics platform developed by a US-India based company called CleverTap, which is a startup founded by Indian entrepreneurs - Anand Jain, Sunil Thomas and Suresh Kondamudi in 2013 (Just a year back when Narendra Modi became PM). Clevertap is backed by Sequoia, Accel Partners and and Japan's Recruit Holdings.

Experts say that data shared with political parties is prone to misuse. Srinivas Kodali, a cybersecurity expert said in a statement to NDTV, "It can be misused by sharing with private companies like Cambridge Analytica which could build voter profiles of volunteers who are active through the Narendra Modi application."

IndianWeb2 has sent an email to CleverTap for their responses and is yet to receive them. The story shall be updated once a response is received.

It is to be noted that before tweeting about privacy breach of PM's official app, Elliot Alderson has previously highlighted vulnerabilities in India's national identity card project Aadhaar.

Last August, whistle-blower agency Wikileaks released a report wherein it stated that US-based Central Intelligence Agency (CIA) is using tools devised by US-based technology provider Cross Match Technologies for cyber spying that may have comprised entire database of India’s Aadhaar having data of over 1.2 million Indian citizen.

Post a Comment

Previous Post Next Post
Like this content? Sign up for our daily newsletter to get latest updates.