WHO IS ‘ELLIOT ALDERSON’?
The BJP says “the permissions required are all contextual and cause-specific” and that the “data is being used for only analytics using third party service, similar to Google Analytics. Analytics on the user data is done for offering users the most contextual content.” An archive search for the app’s privacy policy returned following result:
“Your personal information and contact details shall remain confidential and shall not be used for any purpose other than our communication with you. The information shall not be provided to third parties in any manner whatsoever without your consent.” The terms appear to have changed after tweets by ‘Elliot Alderson’. The privacy policy now reads: “Certain information maybe processed by third party services to: — Offer you the most contextual content…” ‘Alderson’ says he has found ‘something interesting’ in the Congress’ membership app, too.
He says when you apply for membership in the Android app, your personal data is sent through an HTTP request to membership.inc.in. The data is encoded with “base 64” that is “very easy” to decode. HTTP, as indicated by ‘Alderson’, is a predecessor to HTTPS, a more secure protocol to keep data secure from hackers.
‘Alderson’ adds that IP address of membership.inc.in is 52.77.237.47. It is located in Singapore.
BJP'S IT cell in-charge Amit Malviya tweeted that the INC membership website is no longer available.
a server The Namo app asks for 22 permissions including access to location data, microphone and taking photos and videos. According to an analysis by The Indian Express, the PMO India App asks users for access to 14 data points. Amazon India asks for 17 permissions and PAYTM requires 26 data points. The Delhi Police’s app asks for access to 25 services. While the apps declare that they need permission for the mentioned services to perform their functions and it is normal for them to ask for access to a host of services, security experts say the issue with the Namo app is that it shares data with a third party without asking for users’ permission. “Message you will get 'We are incorporating minor changes to the website. Please visit us again in a while to access the INC membership process...' What is the Congress party trying to hide? http://membership.inc.in,” Malviya tweeted.
The Congress says “there is no truth to this allegation. There has been NO breach of Data whatsoever.” The party says the portal has not been used in over five months “since we moved membership to http://www.inc.in”
“With INC app was being used for Social Media updates alone since transitioning the membership to the website. This morning we were forced to remove the app from the Playstore as the wrong URL was being circulated & people were being misled.”