Home >> Politics

NaMo app sends user data to US firm without consent, security researchers reveal

The official mobile app of Prime Minister Narendra Modi, downloaded over five million times on Android alone, sent user data to a US-based company without consent, security researchers have found.

Allegations against the Narendra Modi app, which have sparked a furore on social media and biting criticism from Congress President Rahul Gandhi, come at a time of heightened sensitivity around the alleged misuse of personal data amid the unfolding Facebook-Cambridge Analytica controversy.

The ruling BJP has denied the allegations and said the data was being used only for analytics to offer all users the "most contextual content". It also hit out at the Congress, saying the opposition party's app shared data with third parties without consent.

It was a security researcher, who has previously highlighted vulnerabilities in India's national identity card project Aadhaar and who tweets under the pseudonym Elliot Alderson, who first posted a series of messages on Twitter on Saturday stating the Narendra Modi app was sending personal user data to a third-party domain that was traced to an American company.

Alderson, who initially pointed out that the Narendra Modi app was sharing data with a third party without the consent of users, earlier on Sunday posted a new tweet saying the app had "quietly" updated its privacy policy after his previous tweets.

Stung by mounting criticism on social media, the BJP admitted that it was sharing information but that this was par for the course. The BJP's official Twitter handle tweeted, "Contrary to Rahul's lies , fact is that data is being used for only analytics using third party service, similar to Google Analytics. Analytics on the user data is done for offering the most contextual content."

Amit Malviya, the chief of BJP's IT operations, also attacked Rahul Gandhi and Congress, alleging similar privacy and consent conflicts.

Experts say that data shared with political parties is prone to misuse. Srinivas Kodali, a cybersecurity expert said, "It can be misused by sharing with private companies like Cambridge Analytica which could build voter profiles of volunteers who are active through the Narendra Modi application."

The BJP's response, however, did not appear to address the crucial issue of consent. The privacy policy for the Narendra Modi app, posted on the website narendramodi.in, until yesterday, read, "Your personal information and contact details shall remain confidential and shall not be used for any purpose other than our communication with you. The information shall not be provided to third parties in any manner whatsoever without your consent."

The backlash was also compounded by criticism over 13 lakh cadets of India's National Cadet Corps being asked to install the app and share phone numbers and email addresses with the Prime Minister's office.

As the controversy grew, that policy was changed to say, "The following information may be processed by third party services to offer you a better experience as stated above: name, email, mobile phone number, device information, location and network carrier."