Narendra Modi’s Android app is sharing the user data to a private company based in the US without the consent of the users, alleged the self-proclaimed French Security Researcher and founder of Fsociety, Elliot Alderson on Twitter.
When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier …) and personal data (email, photo, gender, name, …) are send without your consent to a third-party domain called https://t.co/N3zA3QeNZO. pic.twitter.com/Vey3OP6hcf
— Elliot Alderson (@fs0c131y) 23 March 2018
According to the allegations, the Modi app, the personal app of the Prime Minister of India is revealing personal data of the app users to the website called http://in.wzrkt.com, which is hosted by GoDaddy. According to the French researcher, the domain is categorized as phishing URL by the G-data. Further, it is claimed that the website has hidden it “WhoIs” info to confine its identity and ownership.
Elliot Alderson tweeted about the possible data theft about 12 hours ago explaining that the in.wzrkt.com belongs to the US-based CleverTap company, which is basically an advanced app engagement platform. The CleverTap platform helps marketing experts know, contact, and hold on to the users.
According to the research carried out on Narendra Modi App, the app releases device info of the user such OS, Carrier, Network type etc. It is claimed in the tweet carrying images of the research that the Modi app also provides personal data like email, gender, photo, name in favor of the third party.
The French Security Researcher claims that this kind of data sharing is a clear violation of Google Play TOS. In his tweet at 13:17, Elliot Alderson claims to have received the communication from the Narendra Modi’s App Team. However, there is no confirmation or denial from the official Twitter handle of the Narendra Modi App.
In the light of the recent revelations about Facebook data theft by Cambridge Analytica in which Mark Zuckerberg apologized publicly for having a weaker security system, it is important that businesses and organizations maintain the privacy of the user data and ensure not to share without consent.
Meanwhile, smelling the political opportunity, Congress supporters have started a #DeleteNaMoApp hashtag on Twitter.