Narendra Modi App Shares Users’ Personal Data With US Firm, Discreetly Changed Privacy Policy After Allegations Of Breach

    211

    A French security researcher, who is in limelight for keeping UIDAI on its toes by exposing in the Aadhaar infrastructure’s diverse security holes, has claimed in a series of tweets that Prime Minister Narendra Modi’s application is showing all the personal information of its users to a third party website called in.wzrkt.com and that too without the consent of the users.

    He did all it’s investigation and found that some personal details such as name, gender, e-mail, telecom operator type and more was indeed being shared with the website in.wzrkt.com.

    After privacy breaches of the app was found true, the privacy policy on PM Modi’s website quietly changed to accommodate for this lapse.

    A night before the expose took place, this was what the application’s privacy policy said (cached versions saved by Alt News):

    The alterations made to the privacy policy have been made surreptitiously since neither the verified Twitter account of the Prime Minister nor the verified account narendramodi_in which claims to be the “Twitter account of http://www.narendramodi.in – Shri Narendra Modi’s personal website & the Narendra Modi Mobile App.” acknowledged the issue. The NaMo APP has also not followed the standard practice to let the users know about the changes and when and why were the changes made to the privacy policy, a practice that most major apps and websites follow.

    According to an independent investigation conducted they found that the official mobile application of PM Narendra Modi, downloaded over five million times on Android alone, sent user data to the US-based company, WizRocket Inc, without consent.

    WizRocket is a data analytics platform developed by a US-based company called CleverTap. CleverTap’s website says it is as a mobile marketing platform that “visually builds and delivers omnichannel campaigns based on user behaviour, location and lifecycle stage”. The company was founded in 2013 by three Indians and has offices in several cities in USA and Indian offices are in Mumbai, New Delhi and Bengaluru.

    BJP the ruling Party has denied the allegations and said the data was being used only for analytics to offer all users the “most contextual content”.

    Data is being used for analytics using third-party service, similar to Google Analytics. The data in no way is stored or used by the third party services,” one of the sources from BJP said.

    Rahul Gandhi also took to Twitter to express his condemnation against the privacy breach.

    This was followed by a war of words between the two national parties, claiming that Rahul Gandhi’s tweet has only helped NaMo App gain more popularity.

    BJP went ahead to accuse Congress of data breach.

    Soon after, Congress deleted its official mobile application.

    Congress’s social media head Divya Spandana took to Twitter to clarify the party’s decision to delete the app from Google’s Play Store. “The URL for membership on the INC app has been defunct for a while now. Our membership is through the INC website. How difficult is that to understand,” tweets Divya.