A shocker came on Saturday when a French security researcher Elliot Alderson revealed in a series of tweets about the security lapse in Narendra Modi app (NaMo App), the official mobile application of Prime Minister Narendra Modi.
He revealed that the app is allegedly sharing the device as well as personal information of its users to a third party domain called in.wzrkt.com, which belongs to the US company CleverTap.
CleverTap is a mobile marketing platform with app marketing automation helping the app marketers to retain user engagement and win back users through clever mobile marketing strategies and mobile app metrics, says the company’s profile description.
The device information which is being shared includes the operating software, network type, and carrier, among others. Besides, the app is also passing personal information such as email, photo, gender and name to the third-party domain without users’ consent.
When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier …) and personal data (email, photo, gender, name, …) are send without your consent to a third-party domain called https://t.co/N3zA3QeNZO. pic.twitter.com/Vey3OP6hcf
— Elliot Alderson (@fs0c131y) March 23, 2018
When Alderson ran the domain name on G-Data, a German software company that focuses on computer security solutions, it was classified as a phishing link.
This domain is classified as a phishing link by the company G-Data. This website is hosted by @GoDaddy and the whois info are hidden. pic.twitter.com/dRUx0fuZ38
— Elliot Alderson (@fs0c131y) March 23, 2018
He later highlighted the major issue is the Namo app is passing all the information to another company without users’ consent. “Sharing personal data without the user consent is illegal. Users have to accept the data collection and must be able to opt out from it. This is the law. Moreover, collect personal data of user without their consent is against the TOS of Google Play Store,” he tweeted.
The recent controversy around data leaks by Facebook has opened a Pandora's box about how secure our online data is.
Last week, the Observer published the account of a former worker at data firm Cambridge Analytica, who lifted the lid on the company’s relationship with Facebook.
Christopher Wylie revealed how an academic, Aleksandr Kogan, had harvested data from users via a personality quiz on the social network and, through his company Global Science Research (GSR), had shared it with Cambridge Analytica. Since then, there have been more revelations about both firms and about the way consumers’ data is used.