Cong leaks info to Rahul friends, says BJP amid row over NaMo app data-sharing
With criticism soaring, the BJP admitted that it was sharing information but that this was par for the course.
New Delhi: According to security researchers, the official mobile app of Prime Minister Narendra Modi, downloaded over five million times on Android alone, sent user data to a US-based company without consent.
Allegations against the Narendra Modi app, which have sparked a furore on social media, drew criticism from Congress President Rahul Gandhi. This comes at a time of heightened sensitivity around the alleged misuse of personal data amid the unfolding Facebook-Cambridge Analytica controversy.
BJP denied the allegations saying the data was being used only for analytics to offer all users the "most contextual content". It also accused at the Congress, saying the Opposition party's app shared data with third parties without consent.
A security researcher, who has previously highlighted some vulnerabilities in India's national identity card project Aadhaar and who tweets under the pseudonym Elliot Alderson, was the one who first posted a series of messages on Twitter on Saturday stating the Narendra Modi app was sending personal user data to a third-party domain that was traced to an American company.
Alderson, who initially pointed out that the Narendra Modi app was sharing data with a third party without the consent of users, earlier on Sunday posted a new tweet saying the app had "quietly" updated its privacy policy after his previous tweets.
"When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier …) and personal data (email, photo, gender, name, …) are sent without your consent to a third-party domain called http://in.wzrkt.com," read his tweet.
On Sunday, Congress President Rahul Gandhi tweeted: "Hi! My name is Narendra Modi. I am India's Prime Minister. When you sign up for my official App, I give all your data to my friends in American companies."
Also Read: NaMo app data stolen: Rahul Gandhi accuses PM Modi
With criticism soaring on social media, the BJP admitted that it was sharing information but that this was par for the course. The BJP's official Twitter handle tweeted, "Contrary to Rahul's lies, fact is that data is being used for only analytics using third party service, similar to Google Analytics. Analytics on the user data is done for offering the most contextual content."
The chief of BJP's IT operations, Amit Malviya, also attacked Rahul Gandhi and Congress, alleging similar privacy and consent conflicts.
Amit Malviya said, "Hi! My name is Rahul Gandhi. I am the President of India’s oldest political party. When you sign up for our official App, I give all your data to my friends in Singapore."
Full marks to @INCIndia for stating upfront that they'll give your data to **practically anyone** - undisclosed vendors, unknown volunteers, even 'groups with similar causes'. In theft of all forms, Congress has never been discreet! pic.twitter.com/FCSIv6nPMn
— Amit Malviya (@malviyamit) March 26, 2018
The BJP IT cell head further alleged that if the "Congress party says that they will share data with like-minded people, then chances are that it could be people like Maoists, stone pelters, Chinese embassy and Cambridge Analytica."
Further targeting United Progressive Alliance (UPA) chief Sonia Gandhi, Malviya accused the Congress party of following 'all power no accountability' dictum.
"When Congress says they will share your data with like-minded groups, the implications are grave. From Maoists, stone pelters, Bharat Ke Tukde Gang, Chinese embassy to globally 'renowned' orgs like Cambridge Analytica, the field is extensive and wide open," he said in the tweet.
"Inspired by Sonia Gandhi's 'all power no accountability' dictum, Congress will take all your data, even share it worldwide with orgs like Cambridge Analytica but will not take responsibility for it! Their own policy says so" he added.
"The Narendra Modi App is a unique app, which unlike most apps, gives access to users in 'guest mode' without even any permission or data... The app does not ask for blanket permissions when the app is started," reports quoted BJP saources as saying.
Sources said the permissions required are all "contextual and cause-specific". For example, a selfie campaign requires access to the camera and/or photo gallery.
"Contact access is required to connect with friends or fellow party workers on the New India connect module. If a person has entered his email address and date of birth, he receives a personalised birthday greeting from the prime minister. Each function asks for specific permissions when access is required," a source was reported as saying.
The Congress, however, countered the claim.
We don’t collect any personal data through the INC app. We discontinued it a long time ago. It was being used only for social media updates.
— Divya Spandana/Ramya (@divyaspandana) March 26, 2018
We collect data for membership and this is through our website https://t.co/Mi3BWOK9Z0, this is encrypted. https://t.co/9r0EXWwU4Z
Experts say that data shared with political parties is prone to misuse. A report in NDTV quoted cybersecurity expert Srinivas Kodali as saying, "It can be misused by sharing with private companies like Cambridge Analytica which could build voter profiles of volunteers who are active through the Narendra Modi application."
The BJP's response, however, did not appear to address the crucial issue of consent. The privacy policy for the Narendra Modi app, posted on the website narendramodi.in, until Sunday read, "Your personal information and contact details shall remain confidential and shall not be used for any purpose other than our communication with you. The information shall not be provided to third parties in any manner whatsoever without your consent."
The backlash was also compounded by criticism over 13 lakh cadets of India's National Cadet Corps being asked to install the app and share phone numbers and email addresses with the Prime Minister's office.
As the controversy swelled, that policy was changed to say, "The following information may be processed by third party services to offer you a better experience as stated above: name, email, mobile phone number, device information, location and network carrier."
(With inputs from agencies)