The official mobile app of Prime Minister Narendra Modi, downloaded over five million times on Android alone, sent user data to a US-based company without consent, security researchers have found.
Allegations against the Narendra Modi app, which have sparked a furore on social media and biting criticism from Congress President Rahul Gandhi, come at a time of heightened sensitivity around the alleged misuse of personal data amid the unfolding Facebook-Cambridge Analytica controversy.
The ruling BJP has denied the allegations and said the data was being used only for analytics to offer all users the "most contextual content". It also hit out at the Congress, saying the opposition party's app shared data with third parties without consent.
It was a security researcher, who has previously highlighted vulnerabilities in India's national identity card project Aadhaar and who tweets under the pseudonym Elliot Alderson, who first posted a series of messages on Twitter on Saturday stating the Narendra Modi app was sending personal user data to a third-party domain that was traced to an American company.
Stung by mounting criticism on social media, the BJP admitted that it was sharing information but that this was par for the course. The BJP's official Twitter handle tweeted, "Contrary to Rahul's lies , fact is that data is being used for only analytics using third party service, similar to Google Analytics. Analytics on the user data is done for offering the most contextual content."
Amit Malviya, the chief of BJP's IT operations, also attacked Rahul Gandhi and Congress, alleging similar privacy and consent conflicts.
Experts say that data shared with political parties is prone to misuse. Srinivas Kodali, a cybersecurity expert said, "It can be misused by sharing with private companies like Cambridge Analytica which could build voter profiles of volunteers who are active through the Narendra Modi application."
The backlash was also compounded by criticism over 13 lakh cadets of India's National Cadet Corps being asked to install the app and share phone numbers and email addresses with the Prime Minister's office.
As the controversy grew, that policy was changed to say, "The following information may be processed by third party services to offer you a better experience as stated above: name, email, mobile phone number, device information, location and network carrier."