Engineer developed app from database
BENGALURU: Police are investigating how a Bengaluru-based engineer gained access to the Aadhaar database to develop an Android application that seemed to be able to pull out confidential details using the 12-digit unique identity numbers.
Activists have criticised the A ad ha ar programme for impinging on privacy, and a number of cases where government websites leaked people’s 12-digit ID numbers have mounted worries that flaws in the system could make it vulnerable to abuse and crimes like identity theft.
The engineer, Abhinav Srivastava, has been accused illegally accessing the Aadhaar database and sources say that the way he did it could involve either the collusion of others who had access or a hack.
Srivastava has been booked under sections of Aadhaar Act that outlaws access and distribution of Aadhaar data, and sections of Information Technology Act that deal with hacking.
The USP of his application — named A ad ha ar KY C, which was taken down from Google’s Play Store—was to provide KYC verification using Aadhaar data.
An official of the UIDAI at the headquarters in Delhi denied its servers could have been hacked, and suggested the information may have been leaked from National Informatics Centre, or any of the agencies authorised to provide KYC services.
“The UIDAI database is very secure,” the official said. “This seems to have happened at the level of the Authentication User Agency (AUA) or e-KYC User Agency (KUA).”
“The matter is now with police and let us wait for the investigation to be completed,” the official added. Staff at the regional UIDAI office in Bengaluru, which also houses the technical centre where data from across the country is stored, said this was the first such case in the city.
Srivastava headed Qarth Technologies, which built a mobile payments app called X-Pay acquired by Ola in March 2016. Sources said the app Aadhaar KYC was developed in his personal capacity.
A statement issued by Ola said: “Ola has neither commissioned nor is involved in any such activity. No such complaint has been brought to our notice.” Bengaluru Police commissioner Praveen Sood said two people had been identified, and no arrests had been made till Thursday evening.
THE USP OF HIS APPLICATION — NAMED AADHAAR KYC, WHICH WAS TAKEN DOWN FROM GOOGLE’S PLAY STORE —WAS TO PROVIDE KYC VERIFICATION USING AADHAAR DATA