This morning we published a story about a 22-year-old hacker, Javed Khatri, who claimed to have found vulnerabilities in the Narendra Modi app. We took down the story approximately two hours later. Why did we do this?
YourStory applauds young doers and gives them a voice. Javed brought this information to us; however, the article did not cover the other point of view, that is, of the app maker, as we could not reach the relevant person. We have received an official statement from Amit Malviya, National Convener - Information & Technology, BJP, saying:
“We have come across a report about ‘Narendra Modi Mobile App’ in which a possibility to access user data has been mentioned.
“We would like to state that most of the data that is shared on the App is, anyway, in the public domain, for instance, comments posted by individual users, various posts, the groups and following list of every user, can be seen by anyone who is using the App. The App doesn’t capture any private or sensitive data. App user's information is stored in an encrypted mode.
“We take data security very seriously, and adequate measures are in place to avoid any possible security breach or threat.
“We would like to thank Mr. Javed Khatri for acknowledging that the developers have focussed a lot on security. We have since had a constructive engagement and discussed various security measures to further enhance the security features of the App.
“Our digital assets are put through routine security audits and are in compliance with extant standards. In fact, we encourage anyone who has any suggestions or inputs on how we can improve the overall experience on the App is welcome to write to us through the feedback section in the App.”
Varun Nair, an information security professional, said:
“While browsing through the Internet today, I happened to learn about an article on the Narendra Modi app security breach. Being an Information Security Professional myself, I was curious to delve more into this issue as it could be an issue of national concern. However, after a thorough review of the same, I can say this with a great degree of confidence that there no major security loophole in the app which would result in any risk to the user data.
“I would also like to inform all hackers that it is against the ethics of the white hat hacking community who support the national cause, to go public with any apparent loophole in any of any such digital assets. Instead, the best practice would be to approach the administration team to get any such loopholes rectified as soon as possible.”
We then checked back with Javed Khatri, and here's what he had to say:
“Here is my take on this. Since I had no opportunity to talk to the team directly, as a young person, I thought YourStory would be the right place to voice my concern. My only intention behind this was to bring the possible security issue and not to harm anyone.
I had a discussion with the app team and they gave me a clarification. We had a constructive dialogue on this and we are working on this together. They assured me on the security features. We also discussed about the other app ideas and they were quite constructive. They were welcoming of new ideas. In future, I would love to work with the team and contribute to the nation’s success."
YourStory had originally published the story in the interest of information security, especially around an app that is one of the most popular in the country. We appreciate the government's proactive response in reaching out to Javed.