NaMo App: Your Data Is Now BJP’s Electoral Weapon

The personal data of Indians is being leaked to all and sundry. And when the ruling political party is itself collecting and sending the data of unsuspecting citizens to foreign companies — as revealed by a French cyber security researcher on 23 March — little remedy can be expected.

At least two separate fact-checks, by AltNews and NDTV, confirmed that the official Narendra Modi Android application — popularly known as the NaMo App — sends users’ personal information to a third-party domain (in.wzrkt.com) owned by American company CleverTap, which helps marketers “identify, engage and retain users.” All of this without consent, of course.

The BJP responded by saying that data was being used only for analytics using third-party service, “similar to Google analytics”, in order to provide “contextual content”.

The NaMo app scam has come in the backdrop of the recent Cambridge Analytica expose which showed how the UK firm harvested Facebook data to target ‘psychographic’ advertising in the Trump campaign.

It also came to light that the Facebook app has been logging the history of people’s calls and text messages without their permission. Facebook responded to these reports with a blog post denying that the company surreptitiously collected call data, and clarifying that it never sells the data.

Quite apart from the NaMo app data being sent to a third party which could misuse it, consider this: now the BJP has in its possession 50 lakh users’ private data (acquired without their consent by the NaMo app) which it can analyse and use in whatever way it wants – from setting up their famed panna pramukhs and booth management system to targeting dissenters or others.

A day after the exposé, the privacy policy on the Prime Minister Narendra Modi’s website was quietly changed. Earlier, the privacy policy had lied that the users’ “personal information and contact details shall remain confidential” and that it “shall not be provided to third parties in any manner whatsoever without your consent”.

After the whole scandal broke open, it has been changed to say that “certain information may be processed by third party services” to offer “the most contextual content”, give “a unique, personalized experience according to your interests”, show “content in your own language”, etc.

The NaMo app gets access to 22 data points on your phone — including camera, microphone, photographs, location, contacts, etc. Compare this to the official app of the Prime Minister’s Office (PMO India App), which asks users for access to 14 data points.   

Reports have emerged that recently, around 13 lakh students enrolled in the National Cadet Corps (NCC) have been asked to install the NaMo app on their smartphones “ahead of a planned interaction with the prime minister soon”. Their mobile numbers and email IDs were also collected. So, the govt.’s invisible hand is firmly guiding people – including youngsters – to unknowingly become data providers to the BJP.

Earlier, the same French researcher — whose name, reportedly, is Robert Baptiste but who goes by the pseudonym of Elliot Alderson on Twitter — had been highlighting security loopholes and vulnerabilities in the infrastructure of Aadhaar — the biometrics-linked Unique Identification number project. The numerous data breaches enabled by the Aadhaar infrastructure in the past are no secret.

Besides, the NaMo app revelations come in the wake of the controversy involving Facebook and Cambridge Analytica, a British analytics and political consultancy firm that reportedly harvested data of around 50 million Americans to influence the US election results. There were allegations that it may have meddled in Indian elections as well, as BJP and the Congress had reportedly used the services of a partner Company named Ovleno Business Intelligence.

Even after the NaMo app revelations, the Congress and the BJP had an accusatory exchange, after Elliot Alderson revealed that when a person applied for membership in the official INCIndia app, the personal data was sent to a server located in Singapore. However, the privacy policy of the Congress app does clarify that information may be shared with third parties for various purposes.

Recently an RTI reply revealed that “a private vendor previously employed by the ministry of defence may have walked away with the personal data of 50 lakh ex-servicemen,” reported the website Janta Ka Reporter.

“The reply by the MoD, headed by Nirmala Sitharaman, raises several worrying questions in light of the latest reports of Facebook letting users’ data get compromised from its platform,” the report said.