Data security shouldn’t be political. It applies to all of us. Each one of us. Which is why this story is important.

The morning of December 2, news portal YourStory published an unsigned story titled “22-year-old hacker from Mumbai hacks Narendra Modi app, exposes threat to 7 million user data”. In it Javed Khatri, a 22-year old mobile developer from Mumbai, makes the following claim:

“I am able to access private data of any user on the app. The data includes phone number, email, name, location, interests, last seen etc. I successfully managed to extract the personal phone numbers and email ids of ministers like Smriti Irani (screenshot at the end of the article). Please find attached the screenshot.

“Not only that, I can make any user on the platform follow any other user on the platform. This is just the summary of this huge security loophole which I want to report. The privacy of more than seven million users is at stake if this gets ignored.”

The app Khatri was referring to was the official Android app of Indian Prime Minister Narendra Modi (NaMo app, for short), with over 7 million users.

Yet within hours, the story had vanished entirely from YourStory’s site, with the site implementing an HTTP 302 to redirect visitors to its home page instead. After radio silence from the site all through the day as social media users pilloried it for having deleted the article without any explanation, it put out a clarification later that evening.

Khatri’s website went down as well (and still was, at the time of writing this article), though it isn’t clear whether that was intentional or not.

Except for a handful of smaller players, none of the leading Indian newspapers, TV channels or online news portals covered the news. It was as if this never happened.

That’s not even the shocking part. It is this: this flaw was reported more than a year ago and even now hasn’t been properly fixed.

This “non-hack” — since it exploits some very basic flaws, making it like picking a lock made of paper — is a significant one because it sits at the intersection of various trends like digital citizen-government interactions, exploding mobile usage especially by first-time technology users, data security, and legal protection. Understanding this will require some patience, so with sleeves rolled up, let’s dive in.

Technology enables, technology exposes

How does the Narendra Modi app work?  It has a great many features, including a newsfeed, a social network, a survey component, etc., and also has gamification in the form of badges.  People are encouraged to provide personal details, being told that registration will enable them to: “join the conversation and be heard”, “contribute with special tasks”, “earn special credit points for every activity on the app”, and “receive personalised birthday greetings directly from PM Modi”. 

AUTHOR

Pranesh Prakash

Pranesh Prakash is a Policy Director at — and was part of the founding team of — the Centre for Internet and Society, a Bangalore-based non-profit that engages in research and policy advocacy. He is also the Legal Lead at Creative Commons India, and has been an Access to Knowledge Fellow at the Yale Law School's Information Society Project, and on the Executive Committee of the NCUC at ICANN. He has a degree in arts and law from the National Law School in Bangalore, and while there he helped found the Indian Journal of Law and Technology, and was part of its editorial board for two years.

View Full Profile

Subscribe to read this story

The Ken is the only business subscription you need. Questions?

 

Premium

  • 5 original and reported longform business stories every week
  • Access to ONLY India edition
  • Close to 250 exclusive stories every year
  • Full access to over 5 years of paywalled stories
  • Pick up to 5 premium subscriber newsletters
  • 4 original and reported longform business stories each week
  • Access to ONLY Southeast Asia edition
  • Close to 200 exclusive stories every year
  • Full access to all paywalled stories since March 2020
  • Pick up to 5 premium subscriber newsletters

Rs. 2,750 /year

$ 120 /year

India Edition
Subscribe Subscribe
Most Asked For

Borderless

  • 8 original and reported longform business stories each week
  • Access to both India and Southeast Asia editions
  • Close to 400 exclusive stories every year
  • Full access to over 5 years of paywalled stories across India and Southeast Asia
  • Unlimited access to all premium subscriber newsletters
  • Visual Stories

Rs. 4,200 /year

Subscribe
 

Echelon

  • 8 original and reported longform business stories each week
  • Access to both India and Southeast Asia editions
  • Close to 400 exclusive stories every year
  • Full access to over 5 years of paywalled stories across India and Southeast Asia
  • Unlimited access to all premium subscriber newsletters
  • Visual Stories
  • Bonus annual gift subscription
  • Priority access to all new products and features

Rs. 8,474 /year

Subscribe
Or

Questions?

What kind of subscription plans do you offer?

We have three types of subscriptions
- Premium which gives you access to either the India or the Southeast Asia edition.
- Borderless which gives you complete access to The Ken across both editions
- Echelon which gives you complete access to The Ken across both editions along with a bonus gift subscription

What do I get if I subscribe?

The Premium edition gives you access to stories in that edition along with any five subscriber-only newsletters of your choice.

The Borderless and Echelon subscription gives you complete access to The Ken across editions and unlimited access to as many newsletters as you like.

What topics do you usually write about?

We publish sharp, original and reported stories on technology, business and healthcare. Our stories are forward-looking, analytical and directional — supported by data, visualisations and infographics. We use language and narrative that is accessible to even lay readers. And we optimise for quality over quantity, every single time.

Our specialised subscriber-only newsletters are written by our expert, award-winning journalists and cover a range of topics across finance, retail, clean energy, cryptocurrency, ed-tech and many more.

How many newsletters do you have?

We are constantly adding specialised subscriber-only newsletters all the time. All of these are written by our team of award-winning journalists on a specialised topic.

You can see the list of newsletters that we publish over here.

Does a Premium subscription to your Indian edition get me access to the Southeast Asia edition? Or vice-versa?

Afraid not. Each edition is separate with its own subscription plan. The India edition publishes stories focused on India. The Southeast Asia edition is focused on Southeast Asia. We may occasionally cross-publish stories from one edition to the other.

We recommend the Borderless or the Echelon Plan which will give you access to stories across both editions.

Do you have a mobile app?

Yes! We have a top-rated mobile app on both iOS and Android which allows you to read on-the-go and has some amazing features like the ability to bookmark stories, save on your device, dark mode, and much more. It’s really the best way to read The Ken.

Is there a free trial?

You can sign up for a free account to experience The Ken and understand our products better. We’ll send you some free stories and newsletters occasionally, and you can access our archive of previously published free stories. You can stay on the free account as long as you’d like.

The vast majority of our stories, articles and newsletters can be accessed only by a paid subscription.

Do you offer any discounts?

Sorry, no. Our journalism is funded completely by our subscribers. We believe that quality journalism comes at a price, and readers trust and pay us so that we can remain independent.

Do you offer refunds?

No. We allow you to sample our journalism for free before signing up, and after you do, we stand by its quality. But we do not offer refunds.

I am facing some trouble purchasing a subscription. What can I do?

Just write to us at support@the-ken.com with details. We’ll help you out.

I have a few more questions. How can I reach out to you?

Sure. Just email us at info@the-ken.com or follow us on Twitter.