NEW DELHI: The claims of user data of users being sent through NaMo App without their prior consent have found grounds to be investigated. The App claiming to belong to Prime Minister of India, Narendra Modi, was downloaded as many as five million times on Android platforms alone. Now as there are claims by security researchers that such as a case is going on without proper procedure, the media started airing the situation for public awareness.
The recent criticism by Rahul Gandhi also came at a time when is heightened sensitivity around the alleged misuse of personal data. Prior to that there were several reports which came to be true that is related to Cambridge Analytica controversy.
The ruling BJP party has denied all such allegations and reasoned that the data collected was for analytics purpose, so that the users may be offered with ‘most contextual content’. But to the allegation leveled by Congress, the BJP said that the opposition party’s app too shared data with third parties without their proper consent.
The first time the issue came to light was when, a security researcher, who has previously to highlighted vulnerabilities in India’s national identity card project Aadhaar and who handles his twitter account with pseudonym Elliot Alderson, posted a series of messags on Twitter on Saturday stating that the Narendra Modi app was sending all the personal user data to a third-party domain that can be traced to an American company.
Alderson was the first person to highlight the case, who said that the popularly known app, NaMo, was sharing confidential data with some other third party without obtaining proper consent of its users. He earlier on Sunday posted another tweet in which he stated that the app had ‘quietly’ updated its privacy policy after seeing his tweets.
When media checked the claims by consulting experts and using other tools like Burp Suite, the findings showed that as a user went on entering personal information such as name, email address, gender and city, the data was being shared with the website in.wzrkt.com.
During the entire process of registration, the user is not at all asked for permission for sending data to a third party – a procedure which is needed to be followed by most apps.
Media found that the domain in.wzrkt.com belonged to a company called WizRocket Inc which is registered in California, USA and then the data is being sent to a server in a Mumbai based location. WizRocket is a data analytics platform recently developed by a US-based company called CleverTap.
CleverTap’s website says it is as a mobile marketing platform that “visually builds and delivers omnichannel campaigns which is completely based on user behavior, location and lifecycle stage”. The company was founded in 2013 by three Indian nationals and has offices in several cities in USA and Indian offices are in Mumbai, New Delhi and Bengaluru.
You May Also Read : BJP Refutes Allegations Of Blanket Permission For User Data Of PM’s App