French security researcher Elliot Alderson on Monday claimed that the official Android app of the Congress Party is sending personal data of users to the party’s website. In a series of tweets, Alderson alleged that the Indian National Congress’s Android app insecurely transmitted data to the party’s website without the user’s consent. Last week, Alderson claimed that the Indian Prime Minister’s NaMo app was sending personal data of users to a third-party company, CleverTap, without their permission.
On Monday morning, the Congress App was no longer available on Google Play Store. A source in the Congress Party confirmed that the app has been taken down. “The app has been lying defunct for the last six months. We took it down today. We will be relaunching a new app in a few months.” The party will hold a press conference at 4 pm explaining its stand.
According to Alderson, the app, which collects membership data, sends it over HTTP, which is considered an insecure way to transfer data. ‘HTTPS’ is considered more secure; it simply means all communications between your browser and the website are encrypted. Alderson claims that the INC’s Android app is not using the HTTPS protocol, which means the data could potentially leak.
The researcher also goes on to claim that the IP address of ‘membership.inc.in’, the website to which the Congress party app is linked, is located in Singapore. However, Divya Spandana has claimed that the Congress Party does not collect any personal data from the INC app. Instead, the party only collects data for membership through its website inc.in. The party also claimed that it has moved its membership domain to inc.in/membership and no longer accepts memberships from its app.
Users are already unhappy with the way Facebook is handling the Cambridge Analytica data leak controversy. Back in India, the BJP and the Congress have accused each other of mishandling user data by ‘flouting security norms’ in their respective apps.