New Delhi: According to security researchers, the official mobile app of Prime Minister Narendra Modi, downloaded over five million times on Android alone, sent user data to a US-based company without consent.
Allegations against the Narendra Modi app, which have sparked a furore on social media, drew criticism from Congress President Rahul Gandhi. This comes at a time of heightened sensitivity around the alleged misuse of personal data amid the unfolding Facebook-Cambridge Analytica controversy.
BJP denied the allegations saying the data was being used only for analytics to offer all users the “most contextual content”. It also accused at the Congress, saying the Opposition party’s app shared data with third parties without consent.
A security researcher, who has previously highlighted some vulnerabilities in India’s national identity card project Aadhaar and who tweets under the pseudonym Elliot Alderson, was the one who first posted a series of messages on Twitter on Saturday stating the Narendra Modi app was sending personal user data to a third-party domain that was traced to an American company.
“When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier …) and personal data (email, photo, gender, name, …) are sent without your consent to a third-party domain called http://in.wzrkt.com,” read his tweet.
On Sunday, Congress President Rahul Gandhi tweeted: “Hi! My name is Narendra Modi. I am India’s Prime Minister. When you sign up for my official App, I give all your data to my friends in American companies.”
With criticism soaring on social media, the BJP admitted that it was sharing information but that this was par for the course. The BJP’s official Twitter handle tweeted, “Contrary to Rahul’s lies, fact is that data is being used for only analytics using third party service, similar to Google Analytics. Analytics on the user data is done for offering the most contextual content.”
The chief of BJP’s IT operations, Amit Malviya, also attacked Rahul Gandhi and Congress, alleging similar privacy and consent conflicts.
Amit Malviya said, “Hi! My name is Rahul Gandhi. I am the President of India’s oldest political party. When you sign up for our official App, I give all your data to my friends in Singapore.”
The BJP IT cell head further alleged that if the “Congress party says that they will share data with like-minded people, then chances are that it could be people like Maoists, stone pelters, Chinese embassy and Cambridge Analytica.”
Further targeting United Progressive Alliance (UPA) chief Sonia Gandhi, Malviya accused the Congress party of following ‘all power no accountability’ dictum.
“When Congress says they will share your data with like-minded groups, the implications are grave. From Maoists, stone pelters, Bharat Ke Tukde Gang, Chinese embassy to globally ‘renowned’ orgs like Cambridge Analytica, the field is extensive and wide open,” he said in the tweet.
“Inspired by Sonia Gandhi’s ‘all power no accountability’ dictum, Congress will take all your data, even share it worldwide with orgs like Cambridge Analytica but will not take responsibility for it! Their own policy says so” he added.
“The Narendra Modi App is a unique app, which unlike most apps, gives access to users in ‘guest mode’ without even any permission or data… The app does not ask for blanket permissions when the app is started,” reports quoted BJP saources as saying.
Sources said the permissions required are all “contextual and cause-specific”. For example, a selfie campaign requires access to the camera and/or photo gallery.
“Contact access is required to connect with friends or fellow party workers on the New India connect module. If a person has entered his email address and date of birth, he receives a personalised birthday greeting from the prime minister. Each function asks for specific permissions when access is required,” a source was reported as saying.
The Congress, however, countered the claim.
Experts say that data shared with political parties is prone to misuse. A report in NDTV quoted cybersecurity expert Srinivas Kodali as saying, “It can be misused by sharing with private companies like Cambridge Analytica which could build voter profiles of volunteers who are active through the Narendra Modi application.”