A French security, who calls himself Elliot Alderson (@fs0c131y), claimed that Narendra Modi android app, the personal mobile application of Prime Minister of India Narendra Modi, is allegedly sharing private information of users to a third-party US company Clever Tap without their consent.
According to Indian Express, Alderson shared a series of tweets claiming that when users create profile on Narendra Modi Android app, their device information, as well as personal data, is sent to a third-party domain called in.wzrkt.com., which apparently belongs to the US company.
When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier …) and personal data (email, photo, gender, name, …) are send without your consent to a third-party domain called https://t.co/N3zA3QeNZO. pic.twitter.com/Vey3OP6hcf— Elliot Alderson (@fs0c131y) March 23, 2018
Alderson further tweeted that "One minute after my post on @narendramodi's android app, the "App team" created a new Twitter profile to discuss with me. We had a nice discussion. In order to be fair, here their first answer."
One minute after my post on @narendramodi's #android app, the "App team" created a new Twitter profile to discuss with me. We had a nice discussion. In order to be fair, here their first answer. pic.twitter.com/4JbdoSefpt— Elliot Alderson (@fs0c131y) March 24, 2018
Early this month, the same researcher had reported security flaws in various Indian government websites, including ISRO, Indian post, over the past few months.