French hacker Elliot Alderson on Tuesday has now targeted the app of Prime Minister Narendra Modi. In a series of tweets, Alderson claimed that the app is taking info without consent and sends the IP address of users to US-based website api.narendramodi.
Taking to Twitter, Alderson tweeted,"1/ In this request, the @narendramodi's #Android #application sends silently and without the user's consent, his IP address and a unique identifier of his phone. This personal data is sent to the website which is located in the US."
"2/ As the application is available in Europe, it must comply with the European regulation called #GDPR. Since an IP address is considered as a personal data, the user must give his consent and must be able to opt out from this data collection."
"3/ The @narendramodi's #Android #application does not meet these requirements and so is breaking this European regulation."
"4/ Moreover, not asking the user consent is a clear violation of the Google Play developer distribution agreement"
"5/ The unique phone identifier send by the @narendramodi's #Android #application is composed of multiple device specific information: board, brand, name of the instruction set, name of the industrial design, manufacturer, model, name of the product".
"6/ So if you install the @narendramodi's #Android #application on your phone, you are giving a lot of device information to @narendramodi without your consent".
Tweeting about the INC app on Monday, the French hacker had alleged that when one applies for membership of the party through the official Congress app on Google PlayStore, personal data are send encoded through an HTTP request to the party's membership page online.
Here the data that was given already for membership been copied that may not amount to any loss to the person who apply for membership., but however when coming to the question of "with out consent" that makes congress party goes in to defence mode.
'French security researcher' who goes by the name of Elliot Alderson on Twitter has captured the headlines ever since he flagged security concerns on 'NaMo app'