With the three million downloads in 24 hours, the Indian population believes that they should be using a ‘desi’ app inspired by ‘self-sufficient India’ aka ‘Atmanirbahr Bharat’. Koo app gained immense popularity in recent days and has also started attracting scrutiny. But the question arises – Is the Koo app safe?
A French security researcher, Robert Baptiste, commented on the safety of the Koo App. According to him, the Koo app is not safe and currently leaking lots of sensitive users’ personal information including Email address, ID, Phone number, and Date of Birth (DOB).
Robert Baptiste, a researcher at French Cybersecurity, who earlier made news in India by highlighting security loopholes in Aadhar has now taken a look into the Koo app and found it is fairly a leaky app. He has also highlighted a number of security bugs and vulnerabilities in other tech services.
Baptiste tweeted: “You asked so I did it. I spent 30 minutes on this new Koo app. The App is leaking the personal data of its users: Email, DOB, Name, Marital status, Gender.” He also added a screenshot in his tweet which is clearly showing that Koo is leaking some sensitive details and millions of users’ information, including Indian Government Employees and Ministers who have joined the services, have already been leaked or scrapped.
This Atmanirbhar social media app has come into existence after Twitter blocked some accounts of journalists, politicians, and activists tweeting on farmers’ protest. Now, the Ministry of Electronics and Information Technology (MeitY) and government departments have verified handles on Koo.
While supporting Atmanirbhar Bharat – Minister Piyush Goyal also joined Koo, reported in his tweet, saying “I am now on Koo. Connect with me on this Indian micro-blogging platform for real-time, exciting, and exclusive updates. Let us exchange our thoughts and ideas on Koo.”
Well, Baptiste is not the only one who has noted a bug in the Koo app. Replying to his tweet, another user noted that “It’s storing user tokens as frontend global variables if you know the token info of a user, go to/create you can directly put values in here, with inspecting mode which I think will enable the compose button and you can remotely tweet to that account with the token info.”
Reported Chinese Connection
Baptiste also shared the record for the domain Kooapp.com, which shows a Chinese connection but not 100% sure. The domain details shared by Baptiste shows historical ownership of the domain. The record reveals that it was created almost four years ago and since then it has changed hands several times. But there is a Chinese connection to the Koo app, and this is the small investment in a Shunein company, a venture capital fund that invests in startups.
However, Koo is claiming itself as a complete Atmanirbhar App and saying Shunwein would be existing the company and would be selling its stake soon. The co-founder of the Koo app tweeted: “Koo is an Indian registered company and with Indian founders. Raised earlier 2.5 years ago. The latest funds for Bombinate technologies are led by truly Indian investors 3one4 capital. Shunwei (single-digit shareholder) which had invested in our Vokal journey will be exiting fully.
