The homegrown app, Koo, has found itself in a controversy which claims that the app was witnessed breaching the data.
The Data Leak News
The news regarding the data leakage by the India bred platform, Koo, was brought into limelight after Robert Baptiste, a French Security Researcher, tweeted a code’s screenshot which mentions the data breach!
You asked so I did it. I spent 30 min on this new Koo app. The app is leaking of the personal data of his users: email, dob, name, marital status, gender, … https://t.co/87Et18MrOg pic.twitter.com/qzrXeFBW0L
— Elliot Alderson (@fs0c131y) February 10, 2021
The app was accused of revealing the personal data and that he spent his 30 minutes on the app after several Twitter users requested him to do so.
According to the French security researcher, the app leaks personal data including date of birth, marital status, gender, email and has suggested that the domain was registered in the US while the registrant was based in China.
The Data Breach Denial
Elliot Alderson, pseudonym account of Robert Baptiste, flagged severe concerns regarding the share of the user’s data on the gender, date of birth, marital status and various details were publicly available along with email ID of few users.
Aparameya Radhakrishna, CEO and co-founder of Koo, said that the question asked in the app relating to profile data was voluntarily disclosed on the platform and therefore cannot be termed as data leak.
Some news about data leaking being spoken about unnecessarily. Please read this:
The data visible is something that the user has voluntarily shown on their profile of Koo. It cannot be termed a data leak. If you visit a user profile you can see it anyway
— Aprameya R (@aprameya) February 11, 2021
He also mentioned that phone numbers were protected and not available to anyone for viewing. He said that the issue regarding the email IDs was fixed today and in the social media market no one logs in through email.
The email option was requested by corporate and was enabled 3 months ago but now the total user base for email ID acquires only 4%.
Links With The Chinese Investors:
In November, the Indian government banned several applications in India after they were found leaking the data of the Indian users and the privacy of the Indians were at risk.
The Made in India platform’s CEO, Aprameya Radhakrishna has mentioned that the links with Chinese investors will soon be cut off.
Regarding the information on links with a Chinese investor, Radhakrishna mentioned that the venture capital arm of Xiaomi, Shunwei Capital, did not participate in the fundraise which took place last week, after it got over $4 million.
The parent firm, Bombinate Technologies, houses Koo and Vocal.
He also stated in his statement that Shunwei invested in their Quora-like platform, Vocal, and they are being brought out.
The investment was completely International and involvement of top Indian entrepreneurs is witnessed in the current investing in the firm with the buying of the Shunwei stakes which was already in the process.
Is The Word “Data Breach” Really “Exaggerated”?
The ‘Desi’ micro blogging platform has been endorsed by several BJP politicians, ministers, several Government Departments and Ministries, and actors.
Radha Krishna responded to the claims that the exposed user data was already publicly available. He said that the data was voluntarily shown in their profile and hence cannot be termed as data leakage.
He also mentioned that claims regarding the session token management which gave access to some accounts has been fixed and the tokens have been disapproved.
To his tweet, Baptiste responded that all this is a “lie”.
Update: Koo founder commented the leak. It’s a lie. I did check this point before tweeting and it was not true https://t.co/ituNelED3c
— Elliot Alderson (@fs0c131y) February 11, 2021