NaMo app data leak: French hacker claims Modi's app taking info without consent
French hacker Elliot Alderson on Tuesday has now targeted the app of Prime Minister Narendra Modi. In a series of tweets, Alderson claimed that the app is taking info without consent and sends the IP address of users to US-based website api.narendramodi.
Taking to Twitter, Alderson tweeted,"1/ In this request, the @narendramodi's #Android #application sends silently and without the user's consent, his IP address and a unique identifier of his phone. This personal data is sent to the website http://api.narendramodi.in which is located in the US."
1/ In this request, the @narendramodi's #Android #application sends silently and without the user's consent, his IP address and a unique identifier of his phone.— Elliot Alderson (@fs0c131y) March 26, 2018
This personal data is sent to the website https://t.co/XTWhe9kc5T which is located in the US. pic.twitter.com/18Ie8JAuXM
"2/ As the application is available in Europe, it must comply with the European regulation called #GDPR. Since an IP address is considered as a personal data, the user must give his consent and must be able to opt out from this data collection."
"3/ The @narendramodi's #Android #application does not meet these requirements and so is breaking this European regulation."
"4/ Moreover, not asking the user consent is a clear violation of the Google Play developer distribution agreement"
"5/ The unique phone identifier send by the @narendramodi's #Android #application is composed of multiple device specific information: board, brand, name of the instruction set, name of the industrial design, manufacturer, model, name of the product"
"6/ So if you install the @narendramodi's #Android #application on your phone, you are giving a lot of device information to @narendramodi without your consent".
Tweeting about the INC app on Monday, the French hacker had alleged that when one applies for membership of the party through the official Congress app on Google PlayStore, personal data are send encoded through an HTTP request to the party's membership page online.
'French security researcher' who goes by the name of Elliot Alderson on Twitter has captured the headlines ever since he flagged security concerns on 'NaMo app' and INC app.