As the Congress and BJP continued to trade charges on unauthorised leak of data of users of their apps, the Congress pulled down its app from Google Play store while claiming it has been ‘defunct’, and Prime Minister Narendra Modi’s ‘NaMo’ app ‘quietly changed’ its privacy policy.
On Monday, March 26, Congress president Rahul Gandhi dubbed Prime Minister Narendra Modi the “Big Boss who likes to spy on Indians”, while the BJP hit back accusing the opposition party of ‘theft’.
Taking to Twitter after allegations surfaced that data from the Prime Minister’s official app was being shared without the consent of users, the Congress president said the NaMo app secretly recorded audio, video, contacts and even tracked location via GPS.
“Modi’s NaMo App secretly records audio, video, contacts of your friends and family and even tracks your location via GPS. He’s the Big Boss who likes to spy on Indians. Now he wants data on our children. 13 lakh NCC cadets are being forced to download the APP,” Gandhi said on Twitter using the hashtag ‘DeleteNaMoApp’.
He accused PM Modi of giving away personal data of all those who downloaded his Narendra Modi (NaMO) mobile app to a third party.
The BJP, however, rubbished the charge and termed it “Rahul’s lies”. In a series of tweets, the party not only denied any security breach but also explained how the app was an interactive platform and invited Gandhi to download it to learn some yoga for fitness.
BJP’s IT cell in-charge Amit Malviya said it was the Congress app that was sharing user data with his friends in Singapore.
“Hi! My name is Rahul Gandhi. I am the President of India’s oldest political party. When you sign up for our official App, I give all your data to my friends in Singapore,” Malviya said, mimicking Gandhi’s tweet on Sunday.
“Full marks to Congress for stating upfront that they’ll give your data to **practically anyone** — undisclosed vendors, unknown volunteers, even ‘groups with similar causes’. In theft of all forms, Congress has never been discreet!” Malviya tweeted.
Taking a dig at Modi, Gandhi had tweeted on Sunday, “Hi! My name is Narendra Modi. I am India’s Prime Minister. When you sign up for my official App, I give all your data to my friends in American companies.”
The Congress leader, in his tweet, tagged a news report that talked about a French hacking expert, Elliot Alderson, claiming to have breached the security of the app and found out that personal data such as e-mails, photos, gender and names of the users were being compromised. Chiding the media, Gandhi said, “Ps. Thanks mainstream media, you’re doing a great job of burying this critical story, as always.”
Malviya went on to allege that the Congress, inspired by its leader Sonia Gandhi’s ‘all power no accountability’, will take all your data, even share it worldwide with organisations like Cambridge Analytica but will not take responsibility of it.
The Congress and the BJP have indulged in a slanging match over data theft and the use of services of Cambridge Analytica, accused of harvesting personal data of Facebook users and misusing it to help political parties.
Facing counter-charges, the Congress on Monday took down its app. Congress’s Divya Spandana claimed that the URL for membership on the Congress app had been defunct for a while: “We don’t collect any personal data through the INC app. We discontinued it a long time ago. It was being used only for social media updates. We collect data for membership and this is through our website, this is encrypted.”
From BJP, leaders like Union Minister Smriti Irani joined the twitter war.
“Now that we’re talking tech, would you care to answer @RahulGandhi ji why Congress sends data to Singapore Servers which can be accessed by any Tom, Dick and Analytica?”
Smriti Irani also scoffed at the Congress for deleting its own app.
Amit Malviya, who heads the BJP’s IT cell, also hit back after the Congress pulled down its app.
“Rahul Gandhi gave a call to #DeleteNaMoApp, but Congress deleted its own App from the App store after they were called out. What is the Congress party hiding?”
The BJP had conceded that it is sharing information but also stresses that there is no wrongdoing: “Contrary to Rahul’s lies , fact is that data is being used for only analytics using third party service, similar to Google Analytics,” the party said.
The NaMo app
Media reports earlier pointed out that BJP’s online showcase for Prime Minister Narendra Modi, the NaMo App, under the spotlight in the wake of the debate over data privacy in social media, asked users to provide access to as many as 22 personal features on their devices, including location, photographs and contacts, microphone and camera.
The India Express reported that this is more than what the official app of the Prime Minister’s Office, PMO India App, asks users to volunteer — access to 14 data points. The Ministry of Electronics & Information Technology’s citizen-engagement app, MyGov app, asks for permission to access nine data points.
Amazon India’s app needs 17 permissions on various counts from users. PayTM’s app demands access to 26 data points, and Delhi Police’s app asks for access to 25 tracks but they provide a wider range of services.
The Congress party’s ‘With INC’ App demands access to ten data tracks. The SP App published by Anil Yadav, who describes himself as “Media Spokesperson, Samajwadi Party” on his verified Twitter account, requires three data access points.
On Saturday, the user of Twitter handle @fs0c131y, described on the account as a “French security expert” and who identified himself to The Indian Express as Robert Baptiste, said the app may be providing personal user data to a third party without the users’ consent. He identified the company as US-based Clever Tap.
Interestingly, a day after these disclosures, the privacy policy at narendramodi.in — the website associated with the NaMo app — was updated to state that certain user information may be shared with third party services to “offer a better user experience”, “most contextual content and updates”.
The information shared with third parties included name, email, mobile phone number, device information, location and network carrier.
The policy earlier stated: “Your personal information and contact details shall remain confidential and shall not be used for any purpose other than our communication with you. The information shall not be provided to third parties in any manner whatsoever without your consent.”
Fake news buster AltNews said the changes to the privacy policy have been made surreptitiously since neither the verified Twitter account of the Prime Minister nor the verified account narendramodi_in which claims to be the “Twitter account of http://www.narendramodi.in – Shri Narendra Modi’s personal website & the Narendra Modi Mobile App.” acknowledged the issue.
The NaMo APP also hasn’t followed the standard practice to inform the users when changes to the privacy policy are made, a practice that most major apps and websites follow, said AltNews.
More importantly, it said, “While the PM’s website claimed that personal information would not be provided to third parties in any manner whatsoever without the consent of the user, it was doing exactly the opposite. These hurried changes to the privacy policy further go onto prove that there was a clear privacy breach by PM Narendra Modi’s mobile app.”
Responding to a detailed questionnaire sent Saturday by IE, Malviya said Sunday that data from the app is shared with a “third party service” for analytics, similar to Google Analytics. “The data in no way is stored or used by the third party services. Analytics and processing on the user data is done for offering users the most contextual content… It also enables a unique, personalised experience according to a person’s interests,” he said.
Described on PlayStore as the Official App of Prime Minister Narendra Modi, the NaMo App mentions “Bharatiya Janata Party, 11 Ashoka Road, New Delhi-110001”, which used to be BJP headquarters till early last month, as the address of the developer, said the IE report.
The NaMo App is promoted through official government channels. ‘Exam Warriors’, Modi’s recently launched book aimed at the students preparing for the annual school exams, encourages readers to download the NaMo app.
Besides, personal data of nearly 13 lakh NCC cadets was being collected so that the Prime Minister could interact with them. In a letter sent on February 23, the Director General of NCC told state directorates that the collection of data will facilitate this interaction “by downloading ‘Narendra Modi App’ in the cell phones of the cadets”.
A report in the IE pointed out discrepancies between claims and facts about NaMo app.
While the app – under ‘details’ – specifies that “no permission is compulsory on the NM app” and the user can disable the access for these permissions in settings, when it is downloaded, most of the permissions are given by default.
According to the Supreme Court’s ruling on privacy in August 2017, informed consent is important for data protection and data privacy. The fact that permissions for the NaMo app are not compulsory can only be found if one goes through the Read More section of the app — users are not informed of it when downloading the app, the IE report said.
BJP IT cell chief Malviya said, according to IE: “Each function asks for the specific permission when access is required. The app does not ask for blanket permissions when the app is started.”
When the app is downloaded, it asks for access to the media stored on the phone, which can be denied. It does allow use of the app without registering, but a lot of the app’s features do not function in guest mode, or without allowing all the permissions sought. However, reported IE, Malviya said that unlike most Apps the NaMo app allows users access in guest mode without “any permission or data”. The permissions required for the app, he added, “are all contextual and cause-specific”.
On Saturday, Baptiste had tweeted: “When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier .) and personal data (email, photo, gender, name, .) are send without your consent to a third-party domain called http://in.wzrkt.com.”
Baptiste said that wzrkt.com was a property of a company named Clever Tap. Actually, Clever Tap is a company owned by Wizrocket, which is a data analytics start-up founded in Mumbai in May 2013, and is now headquartered in California.
Significantly, on its website, Clever Tap mentions that it helps organisations analyse data for stronger engagement with their users. It helps its clients, it says on its website under user segmentation to “influence” app users’ behaviour by uncovering key insights across various dimensions.
The NaMo App does not have any specific option of users consenting to their data being shared with Clever Tap.
Speaking to The Indian Express, Baptiste said, the main issue is that personal information of users is shared without the consent of the user with a third-party company.
“These data can be used for a lot of things after that (sic),” he said. “Like they did for Cambridge Analytica for example.”
Baptiste said the NaMo App does not share all the data that it has access to on users’ phones with Clever Tap, but only information gathered at the time of registration. It means though the app continues to hold access to photographs, location, microphone, camera, identity, contacts, etc., it only shares information like the mobile operating system, telecom carrier, email, gender, name and photograph used for app registration.
In his response, Malviya said the app “provides a platform for millions of his fans and party cadre to connect directly with the Prime Minister”. Calling it “one of its kind”, he said the app “enables unprecedented engagement and interactivity”, and is “way different” from apps of other parties and their leaders, which are one-way flow. He mentioned various “path-breaking engagement activities”, including the exam warrior module, of the app.
Regarding Baptiste’s claims, Malviya said the user was only sharing his or her own data. “This is not a security breach. The person does not have access to any data apart from his own data,” he said.
Meanwhile, The French researcher, who had been contacted by the BJP through an independent Twitter handle, also noticed the change on Sunday and tweeted:
On BJP’s reaction to charges, he said:
