My name is Modi, my app gives all info to US companies, tweets Rahul. PMO issues strong rebuttal.
Two days after a French cyber expert claimed that Narendra Modi's app was releasing user information to third party domain(s) without consent, in a no holds barred attack, Rahul Gandhi today decided to name and shame.
The Congress president in a tweet traded barbs at the Prime Minister and said, "Hi! My name is Narendra Modi. I am India's Prime Minister. When you sign up for my official App, I give all your data to my friends in American companies."
Notwithstanding the vitriolic attack, the Prime Minister Office (PMO) released a statement minutes ago, mocking Congress and its accusatory chief of 'having zero knowledge of technology'.
The statement majorly explains the contours of the NaMo app and progresses to firefight the accusations of poor security feature or the deliberate data transfer to third party(s).
Narendra Modi App is a unique App, which unlike most Apps, gives access to users in guest mode without even any permission or data. The permissions required are all contextual and cause-specific. For example, a selfie campaign requires access to the camera and/or photo gallery. Contact access is required to connect with friends or fellow party workers on the New India connect module. If a person has entered his email address and date of birth, he receives a personalised birthday greeting from the PM. Each function asks for the specific permission when access is required. The app does not ask for blanket permissions when the app is started.
The data exposed by the French Twitter user is the data entered by the user on his own device. This is not a security breach. The person does not have access to any data apart from his own data.
Data is being used for analytics using third party service, similar to Google Analytics. The data in no way is stored or used by the third party services. Analytics and processing on the user data is done for offering users the most contextual content. This ensures that a user gets the best possible experience by show content in his/her own language. It also enables a unique, personalized experience according to a persons interests. For example, a person who looks up content related to agriculture will get agriculture related content prominently. A person from Tamil Nadu will get notifications in Tamil and get an update when the PM is in Tamil Nadu.
The French hacker who identifies himself as Elliot Alderson (@fs0c131y) has been tweeting about the loopholes in the security system of the app, and how it is allegedly sending user information, like name, contact address, interests, photo etc. to third-party domain/s.
He further on posted screenshots of a conversation, reportedly with the team of NaMo app who reached out to him within minutes of his tweets.