The Bharatiya Janata Party (BJP) and Congress spent the whole of Monday exchanging barbs over whose app accumulated more public data and stowed it away either at US- or Singapore-based data centres. Technology experts believe that while the data accumulated by the INC App, run by the Congress, might have accumulated some data on its users, the damage done by might be far more, considering the sheer number of (five million to date), as well as the past history of risk owing to its in-app security features or the lack of them. Problems in the in-app security in the were in fact flagged back in 2015. Also, allegedly not asking for the user’s consent before changing the terms and conditions was another thing industry experts believed was a dangerous trend. Problems with NaMo app As allegations of details of users being stored with a US-based company cropped up, sources close to the information technology (IT) cell of the said every single byte was kept at data centres in India. “It is an app for Indians, created by a party. Those who are taking uneducated guesses should know that none of the data is being kept abroad,” a person with the party’s IT cell said. However, industry experts are worried about bigger problems with the app, which the people behind it were informed about as early as 2015. From major gaps in the security of the app that could lead to a hacker getting hold of passwords users, to modifying the mandatory privacy policy without informing anyone, experts raised a lot of concerns about the “It earlier said that your information would not be shared with any third party; now it says information may be shared with third parties. This change happened after the tweets came out. No one was informed of these changes. Also, there was no apology for the data breach that happened either,” said Pranesh Prakash, policy director at think tank The Centre for Internet & Society (CIS).

The data being collected by the app as of a few days ago and the privacy policy that it was linked to was not in confluence with one another. Rather than changing how the data is handled, they changed the privacy policy, without notifying users, security experts said. In 2015, security experts had informed people behind the about the data being susceptible. While the breach was fixed, experts said none of the users were asked to change their passwords, The Ken reported in December 2016.