On December 1, a 22-year old programmer from India made a startling revelation about the official Narendra Modi app – it had a security flaw which allowed him to access personal data belonging to users of the application. This included their name, phone number, email ID, location, last seen status, interests and so on.
According to YourStory, Javed Khatri was able to extract the contact details and email addresses of even top BJP ministers like Dr Jitendra Singh and Smriti Irani. A couple of hours after the report went live, it was taken down. Instead, a new post issuing a ‘clarification’ has been published along with a statement from Amit Malviya, the ruling party’s head of IT. He argues that most of the information shared by the app such as user comments and following list is in the public domain.
Malviya’s statement is rather unsatisfactory; it doesn’t mention anything about the phone numbers, email IDs and other sensitive data Khatri got his hands on, judging by the screenshots accompanying the original story. In fact is sounds almost self-congratulatory in parts. What else would you call the bit of his quote reading, “We would like to thank Mr. Javed Khatri for acknowledging that the developers have focused a lot on security.”?
So was Khatri blowing the issue out of proportion and lying about the kind of details he could access through the Narendra Modi tool? YourStory claims it retracted the first report since it did not take into account the counter-view of the app maker. We’re all in favor of unbiased journalism. But it’d take a certain class of stupid to think there’s nothing suspicious about this entire turn of events.
YourStory offered proof that Khatri had genuinely found a vulnerability in the NaMo application, by signing up for it and asking him to verify his allegation. A screenshot included in the interview with the young programmer reveals that he was able to access details of the publication’s Senior Writer, Jubin Mehta. A similar security flaw in the PMO app was discovered by Bhavyanshu Parasher in 2015.
Covering up such issues and hoping that no one will remember them is hardly the answer. As one commentator on the ‘clarification’ posted by YourStory noted, the Internet never forgets. The original story and screenshots indicating that the Narendra Modi app had a bug which could throw open private user information to cyber crimibnals, can still be seen here.