Namo, the official mobile application of Indian Prime Minister Narendra Modi, reportedly sent the personal information of its users to a third party in the US, unbeknownst to the users, and without their consent.
The app was launched in 2015, and was an additional venue for PM Modi’s already stellar social media presence, with more than 41 million followers on Twitter. This number puts him among the top five politicians on the platform.
The breach was first made known on Saturday via tweets from “Eliot Alderson,” a pseudonym used by a French security researcher. Mr. Anderson tweeted
Elliot Alderson
When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier …) and personal data (email, photo, gender, name, …) are send without your consent to a third-party domain called https://t.co/N3zA3QeNZO. pic.twitter.com/Vey3OP6hcf
— Elliot Alderson (@fs0c131y) March 23, 2018
Which was immediately followed by this tweet
Elliot Alderson
@fs0c131y
After a quick search, this domain belongs to an American company called @CleverTap. According to their description, “#CleverTap is the next generation app engagement platform. It enables marketers to identify, engage and retain users and provides developers”
“Mr. Alderson’s” tweets were noticed by the Congress party, which is in opposition to PM Modi. Rahul Gandhi, who leads the Congress party, tweeted this the next day:
Rahul Gandhi
✔
@RahulGandhiFre
Hi! My name is Narendra Modi. I am India’s Prime Minister. When you sign up for my official App, I give all your data to my friends in American companies.
Ps. Thanks mainstream media, you’re doing a great job of burying this critical story, as always.
Hi! My name is Narendra Modi. I am India’s Prime Minister. When you sign up for my official App, I give all your data to my friends in American companies.
Ps. Thanks mainstream media, you’re doing a great job of burying this critical story, as always.https://t.co/IZYzkuH1ZH
— Rahul Gandhi (@RahulGandhi) March 25, 2018
The ruling party, to which PM Modi belongs, Bharatiya Janata Party (BJP), immediately issued a denial of the Frenchman’s allegations, and accused Mr. Gandhi of drawing attention away from recent reports from the Law and IT minister of India, Ravi Shankar Prasad. Mr Prasad had said the Congress party had connections to Cambridge Analytica, a data analysis firm from the UK that is currently embroiled in a security breach scandal for having used the data of millions of Facebook users. Mr. Prasad had asked Mr. Gandhi for an explanation of Cambridge Analytica’s role in Mr. Gandhi’s social media activities.
The Congress party refuted any allegations of wrongdoing.
In response to Mr. Gandhi, the BJP tweeted
BJP ✔
@BJP4India
Rahul Gandhi is in sublime form these days. After MRI & NCC, today he exposes his great knowledge about technology. He is so rattled by the Cambridge Analyitca expose that he daily tries to divert attention from it, yesterday it was the judiciary and today it is Namo App.
The BJP quickly followed up that tweet with another one that explained how Namo works
BJP ✔
@BJP4India
This ensures that a user gets the best experience by showing content in his language & interests. A person who looks up agri-related info will get agri related content easily. A person from TN will get updates in Tamil and get an update about an important initiative about TN.
A few hours later a new tweet from “Elliot Anderson” emerged, drawing attention to the update in the privacy settings of Namo, which had been “quietly” done
Elliot Alderson
@fs0c131y
After the NaMo #android app exposé yesterday, the privacy policy of @narendramodi has been change quietly. The cached version is accessible here