After targeting congress party for the huge security breach on the authorized mobile app of the Congress party.
The French hacker Elliot Alderson has now hit the app of Prime Minister Narendra Modi.
The hacker has explained his allegation through the sequence of tweets. He has suspected that the app delivered the IP address of users to US-based website api.narendramodi.in. This is done without their accord.
While explaining about the investigation the hacker suspected that PM Modi’s Android app disrupts European regulation norms along with the Google Play.
As per the hacker, “if you install the @narendramodi’s #Android #application on your phone, you are giving a lot of device information to @narendramodi without your consent”.
6 tweets that give rise to an investigation
“1/ In this request, the @narendramodi’s #Android #application sends silently and without the user’s consent, his IP address and a unique identifier of his phone. This personal data is sent to the website
2/ As the application is available in Europe, it must comply with the European regulation called #GDPR. Since an IP address is deliberated as a personal data, it is essential for the give his accord. Also, the user must be must be capable to choose out from this data collection.”
“3/ The @narendramodi’s #Android #application. Since the above-said requirements are not met so is breaking this European regulation.”
“4/ Moreover, not asking the user consent is a clear violation of the Google Play developer distribution agreement”
“5/ The unique phone identifier send by the @narendramodi’s #Android #application is composed of multiple devices specific information: board, brand, a name of the instruction set, a name of the industrial design, manufacturer, model, name of the product”
“6/ So if you install the @narendramodi’s #Android #application on your phone, you are giving a lot of device information to @narendramodi without your consent”.
IP address of the Congress’ membership page points to Singapore server
The French hacker had also suspected that when one applies for membership of the party through the official Congress app on Google PlayStore. Then the private data are send encoded through an HTTP request to the party’s membership page online.
Along with this, the unidentified hacker later claims that the personal data has no encryption. The encryption that makes decoding it relatively simple.
The most critical among these claims was the one. The claim is about IP address of the Congress’ membership page points to a server which is situated in Singapore.
All these tweets and claims might lead to a political war of words. It is between the Congress and the BJP.
This is so because the IT chief Amit Malviya stated in his tweet account that “Rahul Gandhi gave a call to #DeleteNaMoApp, but Congress deleted its own App from the App store after they were called out. What is the Congress party hiding?
Ingoing damage control manner, Divya Spandana, Congress’ Social Media and Digital Communications head also gave the statement. She said“Clarification: We don’t drive membership through the app, it’s done through our website http:// www.inc.in Servers for these are based in Mumbai. As you may have noticed, the link on the app is broken.