As Koo gains momentum — three million downloads in the last 24 hours or so — as many in India believe that they should be using a desi aka Atmanirbhar app, the app has also started attracting scrutiny. How safe is it? That is the question. According to a French security researcher, Koo is not very safe, and currently, it is leaking a lot of sensitive user information including email ID, phone numbers and date of birth.
French cyber security researcher Robert Baptiste, popularly known as Elliott Anderson on Twitter, has looked at Koo and has found that it is leaking some user data. Baptiste earlier grabbed headlines after highlighting several vulnerabilities in the Aadhaar system. He has also highlighted a number of security bugs and vulnerabilities in other tech services.
Reacting to the data leaks, Koo has said, “Users enter their profile data on the app to be shared with others on the platform. That’s what’s displayed everywhere across the platform. While there have been false allegations of a data leak, it’s just commonly called the public profile page for all users to view!”
Talking about the Chinese investment, the company in a statement said, “Koo takes pride in being an Indian company with Indian founders and in being registered here. The recent investment in Bombinate Technologies Koo’s parent company was by Mohandas Pai of 3one4 Capital, an Indian investor. Shunwei, a single-digit shareholder that had invested in Vokal, another start-up of ours which answers user questions in Indian languages, will be exiting fully. Bombinate is the parent company of Vokal and Koo.”
Last night, Baptiste tweeted: “You asked so I did it. I spent 30 min on this new Koo app. The app is leaking personal data of its users: email, dob, name, marital status, gender.”
After Twitter refused to block accounts of journalists, politicians, and activists tweeting on farmers’ protests, a push has been started by many to an Atmanirbhar social media app. Now, the Ministry of Electronics and Information Technology (MeitY) and other government departments have verified handles on Koo.