NEW DELHI: Hours after a French hacker's Twitter account pointed at a massive security breach on INC official App, the Congress party removed its app from Google Play Store.
On Monday morning, the French hacker - Elliot Alderson (@fs0c131y) tweeted, “When you apply for membership in the official @INCIndia #android #app, your personal data are send encoded through a HTTP request to http:// membership.inc.in.”
The Twitter handle added that the encryption for the app which collects membership data is encoded through HTTP (unsecured) and not HTTPS (secured), adding that it's easier to decode the personal data "encoded with base 64".
— Elliot Alderson (@fs0c131y) March 26, 2018
Later, Alderson tweeted, “Did @INCIndia removed their #android #app from the PlayStore just before my tweet?”
Immediately after, BJP's IT cell chief Amit Malviya attacked Congress, “Rahul Gandhi gave a call to #DeleteNaMoApp, but Congress deleted its own App from the App store after they were called out. What is the Congress party hiding?”
Entering damage control mode, Divya Spandana, Congress' Social Media and Digital Communications head, said, “Clarification: We don’t drive membership through the app, it’s done through our website http:// www.inc.in Servers for these are based in Mumbai. As you may have noticed, the link on the app is broken.”
To this, Malviya tweeted:
INC membership website no longer available. Message you will get “We are incorporating minor changes to the website. Please visit us again in a while to access the INC membership process...” What is the Congress party trying to hide? https://t.co/siVExc6T68
— Amit Malviya (@malviyamit) March 26, 2018
A day ago, the same hacker had claimed that official Narendra Modi app or NaMo App downloaded over five million times on Android alone, sent user data to an American firm without user's consent.
The allegations sparked a furore on social media, with both BJP and Congress launching into tirades against each other.