The great privacy debacle: Congress, BJP find themselves a common adversary

Here's how both BJP and Congress dropped the ball in the data privacy game

rahulmodi_0.jpg

In a classic case of pot calling the kettle black, Congress was found leaking users’ personal data just when Rahul Gandhi took a dig at NaMo app for sharing data.

Earlier this week, a security researcher who goes by the name Elliot Alderson disclosed that the NaMo app was sharing personal user data with a third party domain belonging to a US-based company.

 

 

The hacker revealed that when a profile is created on the NaMo Android app, all device information (like the OS, network type and carrier) as well as personal data (like name, email and photo) are sent to a third party domain –  in.wzrkt.com, without authorization.

He went on to reveal that the domain belongs to CleverTap, a leading mobile marketing platform.

Shortly after the disclosure, the NaMo app team stated that CleverTap offers them analytical solutions and that the data is used for re-marketing. The team also testified that the data is not used by CleverTap for any other app.

While there is no problem with using a third party company for analytics solutions, sharing personal data without prior authorization from the user does violate privacy laws.

Throwing light on the legitimacy of data sharing allegations, Altnews found that upon registering on the NaMo app, personal data including the name, email id, service provider, etcetera, was being shared with the third party website.

Shortly after the exposé, the privacy policy of the NaMo app was changed, leaving no ground for further disparagement.

Congress takes a dig, gets served instead

Not losing an opportunity to point out the privacy gaffe, Rahul Gandhi tweeted last morning: "Hi! My name is Narendra Modi. I am India's Prime Minister. When you sign up for my official app, I give all your data to my friends in American companies."

Call it poetic justice or a bad case of karma, Alderson pointed out that the Congress-owned web address membership.inc.in used the less-secure HTTP protocol instead of HTTPS. Additionally, he also revealed that the IP address for the website indicated its server being located in Singapore.

Soon after, the INC deleted the app from Play Store and its head of social media, Divya Spandana confirmed to TOI that Congress had indeed pulled down the app as people were being led to the older, less-secure membership site.