NAMO App transferring user data to US company

Prime Minister Narendra Modi’s fascination for Apps and Big Data has received two successive jolts in the last two days. First reports surfaced that 1.3 million NCC cadets in the country have been asked to download the NaMo App, developed ostensibly by the Bharatiya Janata Party which prominently displays it on its website and is a partisan and political tool, on their smartphones or smartphones of their parents ahead of an interaction with the Prime minister.

On Saturday a French cyber security researcher tweeting under the pseudonym or moniker of Ellioot Alderson accused the NaMo Android App to violate even Google’s terms of conditions and European law by transferring user data to a third party, a US based company

Alderson also said that within a minute of his tweet on the NaMo app, the “app team” created a new Twitter profile to discuss the issue with him. He posted the chat transcript as proof.

Though the app team tried its best to convince Alderson that there has been no data breach, they had no answers when the ethical hacker replied: “The problem is to collect data without the consent of the users.”

This has put the legality of the Narendra Modi app in serious question as one respondent felt.

Alderson tagged Narendra Modi’s verified handle while taunting the Prime Minister by saying: “I know privacy is not your thing but any thoughts about sharing the personal data of your users without their consent to a third-party company?”

When users create their profile on the Narendra Modi Android App, information related to their operating software, network type, carrier, email, photo, gender and name etc. are shared with a third party domain called wzrkt. Com , which he alleged belongs to a US company Clever Trap.

The tweets of the 28-year old Frenchman, whose family name is apparently ‘ Robert’ , immediately caused an uproar in the digital world since the allegations comes in the wake of the controversy over BJP and its allies using Cambridge Analytica to use big data to win elections. CA has been in the news for illegally using profiles of Facebook users to influence US Presidential election and Brexit voters.

In a recent interview the precocious software engineer explained why sharing user data with third parties is unethical and, in many countries, illegal.

“For example, in real life would you be open to share your family photos with a stranger?,” he asked. “I don’t think so, so why did you share your photos to Google for example? In real life, would you accept if someone ask you to wear a location tracker? No, I don’t think so. If it’s not acceptable in real life, it’s not acceptable in the digital life too.”

The researcher’s interest in India had started in January this year when his attention was drawn to the controversy over Aadhaar. He explains that he is neither for Aadhaar nor against Aadhaar. But he feels that for a project of Aadhaar’s scale, it should be secured better. He went on to expose Aadhaar details from Andhra Pradesh and Telangana and called upon UIDAI to secure its database.

“What I can see is that there is a big issue on how third party websites are handling the Aadhaar data,” Alderson said of his opinion on what is the primary problem plaguing the UIDAI, “Today, you can find thousands of Aadhaar cards with only one Google search query. The first step for UIDAI in my sense is to make a full review of their partners and to impose some security requirements to these companies,” he said in an e-mail interview to Scroll earlier this month.

Alderson had earlier rated the security of the Aadhaar application as 0 out of 10. He had said that, according to him, interns or junior developers had worked on it.