A French vigilante hacker alleged that personal data of the users of Modi's mobile app were being sent to a third party domain without their consent.

NaMo app does not seek blanket permissions for users data BJP
Atom Data Breach Monday, March 26, 2018 - 10:40

Hours after Congress President Rahul Gandhi, citing media reports, alleged that users data from the Narendra Modi app was being shared with third parties, the BJP denied the allegation saying the app does not ask for blanket permissions when started and "even allows access to users in ‘guest mode without even any permission for data.

"The Narendra Modi App is a unique app, which unlike most apps, gives access to users in ‘guest mode' without even any permission or data... The app does not ask for blanket permissions when the app is started," said a BJP source. 

Sources said the permissions required are all "contextual and cause-specific". For example, a selfie campaign requires access to the camera and/or photo gallery. 

"Contact access is required to connect with friends or fellow party workers on the New India connect module. If a person has entered his email address and date of birth, he receives a personalised birthday greeting from the Prime Minister. Each function asks for the specific permission when access is required," a source said.

Gandhi was referring to a media report in which a French vigilante hacker in a series of tweets alleged that the personal data including email IDs, photos, gender and names of the users of Modi's mobile app were being sent to a third party domain without their consent. 

However, the BJP sources said that the data exposed by the French Twitter user is the data "entered by the user on his own device" and hence it was "not a security breach", emphasizing that the person does not have access to "any data apart from his own data".

They held that the data is being used for analytics using third party service, similar to Google Analytics. 

"The data in no way is stored or used by the third party services. Analytics and processing on the user data is done for offering users the most contextual content. This ensures that a user gets the best possible experience by show content in his/her own language. 

"It also enables a unique, personalized experience according to a person's interests. For example, a person who looks up content related to agriculture will get agriculture related content prominently. A person from Tamil Nadu will get notifications in Tamil and get an update when the Prime Minister is in Tamil Nadu," the source said.

Interestingly, at the Google Play Store, the NaMo app describes itself as the "official app of the Prime Minister of India". However, the app -- or the website ‘narendramodi.in' -- is not owned by or affiliated to the India government, which generally uses the domain ‘nic.in' or ‘gov.in'.

The website is hosted by a US-based company Akamai, headquartered in Massachusetts and the app is owned by Modi in his private capacity, not by the Prime Minister's office, and he has provided 11, Ashok Road, New Delhi - BJP's headquarter till a few months back - as the registered address. 

The domain ‘naremdramodi.in' was created on February 28, 2005 (around a decade before he became the Prime Minister) and is scheduled to expire on February 28, 2019. 

However, the app was launched in June 2015. It has had 5 million downloads on the Google Play Store so far.

The app compulsorily asks for a user's name, email ID, phone number, profession and areas of interest when registering on it.

Become a TNM Member for just Rs 999!
You can also support us with a one-time payment.