Is PM Modi's APP sharing personal data with a third party without your consent? YES - Alt News
Pratik Sinha
24th March 2018 / 6:13 pm / Last updated: 25th March 2018
A French security researcher, who has kept UIDAI on their toes by exposing various security holes in the Aadhaar infrastructure, has claimed in a series of tweets that Prime Minister Narendra Modi’s application is sending personal information of its users to a third party website called in.wzrkt.com and it is doing so without the user’s consent.
When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier …) and personal data (email, photo, gender, name, …) are send without your consent to a third-party domain called https://t.co/N3zA3QeNZO. pic.twitter.com/Vey3OP6hcf
— Elliot Alderson (@fs0c131y) March 23, 2018
After a quick search, this domain belongs to an American company called @CleverTap. According to their description, “#CleverTap is the next generation app engagement platform. It enables marketers to identify, engage and retain users and provides developers" pic.twitter.com/Ikqp9GbCDm
— Elliot Alderson (@fs0c131y) March 23, 2018
Pushing personal information such as email, photo, name, gender etc to a third party website without a user’s consent is a serious privacy breach. To ascertain whether this privacy breach occurred or not, Alt News decided to take a deep dive into this issue and investigated PM Modi’s Android App.
To ascertain whether your phone is transacting with a certain website or not, the data between the phone and the outside world needs to be intercepted. There are several software applications which allows one to do so. We used a popular software called Charles. As described on the Charles website, it enables one to view all the HTTP and SSL/HTTPS traffic between a machine and the Internet. The trial version of Charles works for 30 days after installation and runs only 30 minutes at a time. Details of how to configure Charles and your phone to intercept data is provided at the bottom of the article in the section “Technical Details”.
To verify the claim of the researcher, we installed the Narendra Modi Android app on our phone, tapped on the “Sign Up” button at the bottom and created a profile.
During the process of creation of the profile leading upto a successful registration, the APP was transacting data over the Internet which we captured using the Charles software mentioned above. What we saw was that personal information such as name, email id, gender, telecom operator type and more was indeed being shared with the website in.wzrkt.com. In the screenshot below, it can be seen that the email-id [email protected] that we entered during registration has been sent to in.wzrkt.com.
The video below will show a live demonstration of this fact-check and will show how personal information that you’re sharing with the Prime Minister’s app is indeed being sent to a third party website without your consent.
NOTE: Kindly watch the video in Full HD/1080p for better viewing.
NOTE: Those not interested in the technical details of how to setup your phone and computer for intercepting data can skip the next section.
Once Charles is installed on your PC/laptop, your phone’s proxy server needs to be configured to point to the machine which has Charles running so that it can intercept all the traffic emanating from your phone. This is done by inputting the IP Address of your PC/laptop and the proxy server port (Default: 8888) that Charles is listening on in the proxy server section of the Wi-Fi Settings on your phone.
Additionally, since the data that is being transacted between the Narendra Modi app and outside world is over HTTPS and is encrypted, one needs to install the Charles Root Certificate on your phone by pointing your Mobile browser to chls.pro/ssl and following the prompts.
Lastly, add in.wzrkt.com in the list at “SSL Proxy Settings” which in turn can be found in the “Proxy” main menu.
Once the above settings are configured, Charles running on your machine is ready to intercept the data from the Narendra Modi app on your phone.
Co-Founder Alt News, I can be reached via E-mail at [email protected] and on Facebook at https://fb.com/freethinker.
Follow @free_thinker
Rahul and Priyanka Gandhi recently performed aarti at the Narmada Ghat in Madhya Pradesh’s Omkareshwar…
In the wake of the alleged murder of Shraddha Walkar by his partner Aftab Amin…
The video of a group of people stopping an e-rickshaw with BJP flags attached to…
Last week during the G20 summit in Bali, world leaders were informed of a missile…
Recently, several prominent BJP leaders claimed that Prime Minister Narendra Modi had intervened to stop…