A French security researcher, who has been keeping UIDAI on its toes by exposing various security holes in the Aadhaar infrastructure, had claimed in a series of tweets that Prime Minister Narendra Modi’s application is sending personal information of its users to a third party website called in.wzrkt.com and it is doing so without the user’s consent.
When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier …) and personal data (email, photo, gender, name, …) are send without your consent to a third-party domain called https://t.co/N3zA3QeNZO. pic.twitter.com/Vey3OP6hcf
— Elliot Alderson (@fs0c131y) March 23, 2018
This domain is classified as a phishing link by the company G-Data. This website is hosted by @GoDaddy and the whois info are hidden. pic.twitter.com/dRUx0fuZ38
— Elliot Alderson (@fs0c131y) March 23, 2018
To ascertain if the NaMo Android App was involved in privacy breach, Alt News did its own investigation and found that personal information such as name, email id, gender, telecom operator type and more was indeed being shared with the website in.wzrkt.com.
In the screenshot, it can be seen that the email-id [email protected] that was entered during registration has been sent to in.wzrkt.com
After privacy breaches of the app was found to be true, the privacy policy on PM Narendra Modi’s website has quietly been changed to accommodate for this lapse.
A day before the expose, this is what the application’s privacy policy said (cached versions saved by Alt News):
The changes to the privacy policy have been made surreptitiously since neither the verified Twitter account of the Prime Minister nor the verified account narendramodi_in which claims to be the “Twitter account of http://www.narendramodi.in – Shri Narendra Modi’s personal website & the Narendra Modi Mobile App.” acknowledged the issue. The NaMo APP also hasn’t followed the standard practice to inform the users when changes to the privacy policy are made, a practice that most major apps and websites follow.
NDTV investigation
NDTV also conducted an independent investigation and found that the official mobile application of Prime Minister Narendra Modi, downloaded over five million times on Android alone, sent user data to the US-based company, WizRocket Inc, without consent.
WizRocket is a data analytics platform developed by a US-based company called CleverTap. CleverTap’s website says it is as a mobile marketing platform that “visually builds and delivers omnichannel campaigns based on user behaviour, location and lifecycle stage”. The company was founded in 2013 by three Indians and has offices in several cities in USA and Indian offices are in Mumbai, New Delhi and Bengaluru.
BJP’s response
The ruling BJP has denied the allegations and said the data was being used only for analytics to offer all users the “most contextual content”.
Data is being used for analytics using third-party service, similar to Google Analytics. The data in no way is stored or used by the third party services,” BJP sources said, reported NDTV.
Rahul Gandhi took to Twitter to express condemnation against the privacy breach.
Hi! My name is Narendra Modi. I am India’s Prime Minister. When you sign up for my official App, I give all your data to my friends in American companies.
Ps. Thanks mainstream media, you’re doing a great job of burying this critical story, as always.https://t.co/IZYzkuH1ZH
— Rahul Gandhi (@RahulGandhi) March 25, 2018
Modi’s NaMo App secretly records audio, video, contacts of your friends & family and even tracks your location via GPS.
He’s the Big Boss who likes to spy on Indians.
Now he wants data on our children. 13 lakh NCC cadets are being forced to download the APP.#DeleteNaMoApp
— Rahul Gandhi (@RahulGandhi) March 26, 2018
Congress senior party leader Randeep Surjewala also tweeted:
IT Minister will not do a press conference on the NaMo App on these allegations of Data Chori!
Will the media dare to question Modi ji on the functioning of his App? Will the brain behind this ‘Data Usurpation’ be summoned?
What about the 15 Lakh NCC cadets & their privacy? https://t.co/unLi2Sj2AW
— Randeep Singh Surjewala (@rssurjewala) March 24, 2018
This was followed by a war of words between the two national parties, claiming that Rahul Gandhi’s tweet has only helped NaMo App gain more popularity.
We all know that Rahul Gandhi is no match for Narendra Modi. But seeing his fright about the Namo App, is very amusing. When his bots tried to trend #DeleteNamoApp day before yesterday, the popularity and downloads of Namo App only increased. Today, it will be no different! pic.twitter.com/Wnan0IQFIV
— BJP (@BJP4India) March 25, 2018
BJP went ahead to accuse Congress of data breach.
Hi! My name is Rahul Gandhi. I am the President of India…
