“Narendra Modi APP” sharing Your personal data?
PM Modi’s “Narendra Modi APP” sharing personal data with a third party without your permission.
On 23rd March, #DeleteNamoApp started trending on Twitter. According to a French security researcher ‘Elliot Alderson’ has claimed that Prime Minister Narendra Modi’s application is sending personal information of its users to a third party website called in.wzrkt.com in a series of tweets.
I checked the NaMo app and this is not good…My plane will take off soon, tweet with details will come in 2 hours
— Elliot Alderson (@fs0c131y) March 23, 2018
When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier …) and personal data (email, photo, gender, name, …) are send without your consent to a third-party domain called https://t.co/N3zA3QeNZO. pic.twitter.com/Vey3OP6hcf
— Elliot Alderson (@fs0c131y) March 23, 2018
Of course, I reversed their SDK, the JAR file provided on #Github.
First observation, nothing is obfuscated.
Secondly, this SDK is very light…
Finally, we can confirm that the domain https://t.co/eJFvoJRwJh is the property of @CleverTap. pic.twitter.com/h3OPypDlrf— Elliot Alderson (@fs0c131y) March 23, 2018
After a quick search, this domain belongs to an American company called @CleverTap. According to their description, “#CleverTap is the next generation app engagement platform. It enables marketers to identify, engage and retain users and provides developers” pic.twitter.com/Ikqp9GbCDm
— Elliot Alderson (@fs0c131y) March 23, 2018
One minute after my post on @narendramodi‘s #android app, the “App team” created a new Twitter profile to discuss with me. We had a nice discussion. In order to be fair, here their first answer. pic.twitter.com/4JbdoSefpt
— Elliot Alderson (@fs0c131y) March 24, 2018