ADVERTISEMENT

Is NaMo App Sending User’s Data to a Third Party Site? Apparently

Pushing personal information without a user’s consent is a serious privacy breach.

Updated
India
3 min read
Is NaMo App Sending User’s Data to a Third Party Site? Apparently

A French security researcher, who has kept UIDAI on their toes by exposing various security holes in the Aadhaar infrastructure, has claimed in a series of tweets that Prime Minister Narendra Modi’s application is sending personal information of its users to a third party website called in.wzrkt.com and it is doing so without the user’s consent.

Pushing personal information such as email, photo, name, gender, etc, to a third party website without a user’s consent is a serious breach of privacy. To ascertain whether this privacy breach occurred or not, Alt News decided to take a deep dive into this issue and investigated PM Modi’s Android App.

ADVERTISEMENT

Sniffing Data Transmitted by Your Phone

To ascertain whether your phone is transacting with a certain website or not, the data between the phone and the outside world needs to be intercepted. There are several software applications which allow one to do so. We used a popular software called Charles. As described on the Charles website, it enables one to view all the HTTP and SSL/HTTPS traffic between a machine and the Internet. The trial version of Charles works for 30 days after installation and runs only 30 minutes at a time. Details of how to configure Charles and your phone to intercept data is provided at the bottom of the article in the section “Technical Details”.

Intercepting Data

To verify the claim of the researcher, we installed the Narendra Modi Android app on our phone, tapped on the “Sign Up” button at the bottom and created a profile.

Is NaMo App Sending User’s Data to a Third Party Site? Apparently
(Photo Courtesy: Alt News)

During the process of creation of the profile leading upto a successful registration, the APP was transacting data over the Internet which we captured using the Charles software mentioned above. What we saw was that personal information such as name, email id, gender, telecom operator type and more was indeed being shared with the website in.wzrkt.com. In the screenshot below, it can be seen that the email-id pratik@xyzabc.com that we entered during registration has been sent to in.wzrkt.com.

Is NaMo App Sending User’s Data to a Third Party Site? Apparently
(Photo Courtesy: Alt News)

The video below will show a live demonstration of this fact-check and will show how personal information that you’re sharing with the Prime Minister’s app is indeed being sent to a third party website without your consent.

Watch: Demonstration of NaMo App Sent Users’ Info to Third Party Website

NOTE: Those are are not interested in the technical details of how to setup your phone and computer for intercepting data can skip the next section.

Technical Details

Once Charles is installed on your PC/laptop, your phone’s proxy server needs to be configured to point to the machine which has Charles running so that it can intercept all the traffic emanating from your phone. This is done by inputting the IP Address of your PC/laptop and the proxy server port (Default: 8888) that Charles is listening on in the proxy server section of the Wi-Fi Settings on your phone.

Is NaMo App Sending User’s Data to a Third Party Site? Apparently
(Photo Courtesy: Alt News)

Additionally, since the data that is being transacted between the Narendra Modi app and outside world is over HTTPS and is encrypted, one needs to install the Charles Root Certificate on your phone by pointing your Mobile browser to chls.pro/ssl and following the prompts.

Lastly, add in.wzrkt.com in the list at “SSL Proxy Settings” which in turn can be found in the “Proxy” main menu.

Is NaMo App Sending User’s Data to a Third Party Site? Apparently
(Photo Courtesy: Alt News)

Once the above settings are configured, Charles running on your machine is ready to intercept the data from the Narendra Modi app on your phone.

(This story was first published on Alt News and has been republished with permission.)

(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)

ADVERTISEMENT
Published: 
Speaking truth to power requires allies like you.
Become a Quint Insider
500
1800
5000

or more

PREMIUM

3 months
12 months
12 months
Check Insider Benefits
ADVERTISEMENT
Stay Updated

Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.

Join over 120,000 subscribers!
ADVERTISEMENT