French security researcher Elliot Alderson has accused privacy security breach by Congress’ official app.
https://twitter.com/fs0c131y/status/978082892206231553?ref_src=twsrc%5Etfw
According to Alderson, the encryption for the app which collects membership data is encoded through HTTP (unsecured), and not HTTPS (secured). He further said that it is relatively easier to decode the personal data, which is encoded with base 64.
https://twitter.com/fs0c131y/status/978082897541419009?ref_src=twsrc%5Etfw
He further states that the IP (internet protocol) address of membership.inc.in is located in Singapore.
https://twitter.com/fs0c131y/status/978082900158681090?ref_src=twsrc%5Etfw
Congress social media head Divya Spandana has claimed that Congress does not conduct membership drives through the app, but it only through the website inc.in. She also claimed that the servers are based in Mumbai.
However, she soon got called out by a Twitter user who claimed that the app did have membership option. However, now the app itself has now been removed from Google Play Store. Though there has been no official confirmation about the deletion of the app from the Congress party.
https://twitter.com/nikhilnarayanan/status/978104949421854720?ref_src=twsrc%5Etfw
https://twitter.com/Gujju_Er/status/978150262102724608?ref_src=twsrc%5Etfw
In fact, Elliot Alderson himself noticed the app missing from playstore.
https://twitter.com/fs0c131y/status/978156465092485120?ref_src=twsrc%5Etfw
The web cache of the app, which has now been reportedly removed, also talks about membership drive being carried out through the app.
The privacy policy on their website, inc.in, is also shocking. The website states that the data collected by the website through the membership information you post could be shared with vendors, consultants and other service providers who ‘need access to such information to carry out their work’ for Congress.
https://twitter.com/amishra77/status/978120153555718144?ref_src=twsrc%5Etfw
Congress website further washes hands off the responsibility of privacy of your data once the third party gets involved.
This raises serious doubts regarding the collecting the data of citizens and allowing third party access to the same, especially in light of allegations against UK based data analytics company, Cambridge Analytica, which was reportedly helping Congress win elections.