The Narendra Modi app was accused of sharing user’s personal data to a third party and the Congress’ app allegedly had their servers in Singapore.

Explainer Why have BJP and Congress locked horns over their respective apps
news Privacy Monday, March 26, 2018 - 17:08

Data breach is the new term that’s on everyone’s lips, and now after the Facebook - Cambridge Analytica scandal, the Bharatiya Janata Party and Indian National Congress are embroiled in data breach controversies of their own.

A French security researcher, who goes by the moniker Elliot Alderson, put out a tweet on Saturday, highlighting how if one creates a profile on the Narendra Modi app, the user’s personal data and device info was being sent to a third party without the consent of the user themselves. The information was being sent to a company called CleverTap, who, by their own admission, “enables marketers to identify, engage and retain users and provides developers”.

The data that was being sent to CleverTap included the person’s name, phone number, email, gender and so on.

CleverTap was found to be registered in the USA. What’s worse, however, is that the Privacy Policy of the app explicitly stated that the information of the users would not be shared with a third party. Once Elliott’s tweet was widely reported, a quiet change was made to the app’s Privacy Policy, which stated that some information was being shared with a third party to “offer you the most contextual content”, among other reasons.

Someone from the team also got in touch with Elliot, saying that they used CleverTap only for analytics.

This entire exchange, however, set the cat among the pigeons, with the Congress swooping in on the opportunity.

Congress President Rahul Gandhi started a campaign to delete the app.

In response, the BJP’s official Twitter handle also put out a tweet, reiterating the same point they had made in the conversation with Elliot.

On the Google Play Store, the Narendra Modi app, which currently has over 5 million downloads, was launched as a way to directly interact with the Prime Minister. It’s also where users listen to Mann Ki Baat.

Read: NaMo app does not seek blanket permissions for users' data: BJP

Although the dust around the NaMo app had not begun to settle on Sunday, Elliot announced that he would be looking for loopholes in the Indian National Congress app.

On Monday, Elliott put out a series of tweets highlighting the basic levels of encryption the app had, and that the app’s servers were in Singapore.

However, on the very day that the Congress called for the NaMo app to be deleted, they ended up deleting their own – With INC.

The BJP wasn’t one to back down, and were swift to point out the hands of the Congress -- who had gone all guns blazing at the BJP -- weren’t clean themselves.

Congress social media head Divya Spandana and the Congress’s official handle, in a clarification, said that they were not collecting data through the app, and the link provided through app was defunct and was hence taken down from the Play Store.

In the wake of Cambridge Analytica and multiple Aadhaar leaks, the fight over privacy policies between the two major political parties just got interesting.

Show us some love! Support our journalism by becoming a TNM Member - Click here.