India privacy scandal brews over claim PM Narendra Modi’s app ships personal data abroad
Row erupts after a French security researcher flagged flaws with Modi’s personal app
Allegations that Indian Prime Minister Narendra Modi’s official smartphone app is shipping Indians’ personal data to servers abroad have morphed into a political scandal in a country where privacy rules are weak and the data mining runs rampant.
Indian opposition leader Rahul Gandhi taunted the prime minister after a pseudonymous researcher found that Modi’s app was pumping private information such as citizens’ email addresses to servers controlled by a US firm.
“Hi! My name is Narendra Modi. I am India’s Prime Minister,” Gandhi wrote in a sarcastic Twitter post published Sunday.
“When you sign up for my official App, I give all your data to my friends in American companies.”
Hi! My name is Narendra Modi. I am India's Prime Minister. When you sign up for my official App, I give all your data to my friends in American companies.
Ps. Thanks mainstream media, you're doing a great job of burying this critical story, as always.https://t.co/IZYzkuH1ZH
— Rahul Gandhi (@RahulGandhi) March 25, 2018
But the Congress president did not comment on allegations that his own party had taken down a membership website and mobile app because of security flaws and allegations that it too was sharing people’s personal data.
Modi’s party has defended its own app, saying the harvested data is being used “only for analytics”.
Now it reads: “Certain information maybe processed by third party services.”
Intrusive data collection is common in the Wild West world of smartphone apps and social media.
But the recent scandal over Cambridge Analytica’s allegedly unauthorised harvesting of Facebook data and a series of leaks linked to India’s biometric database has refocused the public’s attention on digital privacy.
Digital law expert and author Pavan Duggal said Indian regulations offered particularly weak safeguards.
“India does not have any legal position on data mining,” he said.
“India does not have a dedicated law on data protection. India does not also have a law on privacy, nor do we have a dedicated law on cybersecurity.”
The researcher whose work touched off the scandal, alleged that whenever a user created a profile on Modi’s Android app, it shared their personal data without their consent.
When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier …) and personal data (email, photo, gender, name, …) are send without your consent to a third-party domain called https://t.co/N3zA3QeNZO. pic.twitter.com/Vey3OP6hcf
— Elliot Alderson (@fs0c131y) March 23, 2018
“The issue with this App is that they send the personal data of their user to a third party company without their consent,” Alderson told AFP in Twitter messages.
Operating under the handle “Elliot Alderson”, a name borrowed from the hacker drama Mr. Robot, he has had a busy few weeks needling Indian authorities about a series of data breaches. The app appears to be the first to have turned into a national scandal.
Indian journalist Pratik Sinha, who double-checked the researcher’s work, explained all the attention by pointing to the fact that Modi’s name was attached to the app.
“We are talking about the prime minister of the country,” he said.
Additional reporting by Agence France-Presse