Prime Minister Narendra Modi launched his official app with much fanfare for iPhones, Android devices and Windows phones. He told the country that he wanted the people of India to use the app and answer the 10 questions on demonetisation. And nearly seven million people downloaded this app. But on December 1, a 22-year-old managed to hack into it.
Hacker Javed Khatri has claimed that he hacked the PM's app according to YourStory. An email he sent to YourStory read as follows:
"I am able to access private data of any user on the app. The data includes phone number, email, name, location, interests, last seen etc. I successfully managed to extract the personal phone numbers and email ids of ministers like Smriti Irani. Not only that, I can make any user on the platform follow any other user on the platform. This is just the summary of this huge security loophole which I want to report. The privacy of more than seven million users is at stake if this gets ignored."
However, Khatri reiterated that he did not want to do anything malicious but just show that the app could be hacked because there were security flaws. He also sent YourStory numerous screenshots to show that his hack was real. In fact, he went on to show the personal data of Dr Jitendra Singh, who is the Minister of State for the Ministry of Development of North Eastern Region, which he reportedly got through the app.
But Amit Malviya, National Convener - Information and Technology, BJP told YourStory:
"We have come across a report about 'Narendra Modi Mobile App' in which a possibility to access user data has been mentioned. We would like to state that most of the data that is shared on the App is, anyway, in the public domain, for instance, comments posted by individual users, various posts, the groups and following list of every user, can be seen by anyone who is using the App. The App doesn't capture any private or sensitive data. App user's information is stored in an encrypted mode. We take data security very seriously, and adequate measures are in place to avoid any possible security breach or threat. We would like to thank Mr Javed Khatri for acknowledging that the developers have focused a lot on security. We have since had a constructive engagement and discussed various security measures to further enhance the security features of the app. Our digital assets are put through routine security audits and are in compliance with extant standards. In fact, we encourage anyone who has any suggestions or inputs on how we can improve the overall experience on the App is welcome to write to us through the feedback section in the App."