French security researcher Robert Baptiste has come under the spotlight earlier for finding flaws in India’s Aadhaar system and has found loopholes in other apps and services too
French security researcher, Robert Baptiste — better known as Elliot Alderson on Twitter — has accused homegrown Twitter alternative Koo of leaking user data.
“You asked so I did it. I spent 30 min on this new Koo app. The app is leaking the personal data of his users: email, dob, name, marital status, gender…" Baptiste said on Twitter today. Baptiste has come under the spotlight earlier for finding flaws in India’s Aadhaar system and has found loopholes in other apps and services too.
Further, Baptiste posted a second screenshot suggesting that the homegrown app has Chinese connections. The screenshot shows who.is data for a server, which is based in the United States but registered by someone called Tao Zhou, who is based in Jiangxi, China. Koo co-founder, Aprameya Radhakrishna, had earlier said that Chinese Shunwei Capital was an investor in the social platform but the company was in the process of exiting. Who.is data is an Internet record for the owner of a domain and methods to contact them.
Baptiste’s tweet, which has been retweeted over 2,500 times already, could spell trouble for the social platform that has been riding the nationalism wave in the country. Koo’s founders have acknowledged the fact that being a “local" platform has helped them gain traction. Additionally, the app gained popularity yesterday when the Ministry of Electronics and Information Technology (MeitY) responded to a public statement by Twitter via a post on Koo.
Koo co-founder Aprameya Radhakrishna downplayed concerns around the data leak, on Twitter, saying, “The data visible is something that the user has voluntarily shown on their profile of Koo. It cannot be termed a data leak. If you visit a user profile you can see it anyway."
He posted another tweet an hour later, saying, “95% of koo users login through their mobile phone number. Language communities of India do not use email to login and hence was not the priority of the company. Email login was introduced recently. Now that concerns have been raised it has already been blocked from view."
The company also issued a statement about its Chinese connections, though it didn’t directly address the server pointed out by Baptiste.
"The recent investment of $4.1 mn in Bombinate Technologies – Koo’s parent company was led by 3one4 Capital, an Indian investor. Shunwei had not participated in the latest round of funding. Shunwei that had invested in the company for the earlier product Vokal which answers user questions in Indian languages, will be exiting fully with the new investors buying their stake. Existing investors including 3one4 Capital, Kalaari and others will also be buying out some of the stake. Koo is a fully Aatmanirbhar app with Indian founders and India registration," the company said in a statement.
Koo counts Union Ministers Piyush Goyal and Ravi Shankar Prasad among its user base. Madhya Pradesh chief minister, Shivraj Singh Chouhan, has also joined the platform, as have celebrities like cricketer Anil Kumble. The app had also been mentioned by Prime Minister Narendra Modi on his Mann Ki Baat, and several ministries have official accounts on the platform too.
The Indian social media platform has also gained from the government’s tussle with Twitter, after the American micro-blogging platform refused to comply fully with a government takedown request for thousands of accounts. In a statement yesterday, Twitter said it wouldn’t fully comply with the government’s request. The app has amassed over 3 million new downloads in the past three days.
Subscribe to Mint Newsletters
* Enter a valid email
* Thank you for subscribing to our newsletter.
Never miss a story! Stay connected and informed with Mint.
our App Now!!