Koo denies claims after cyber expert Elliot Alderson says app is leaking users’ personal data- Technology News, Firstpost
tech2 News StaffFeb 11, 2021 17:29:47 IST
Amid the ongoing free speech debate between Twitter and the Indian government, a made-in-India app called Koo has been gaining popularity – especially among Union ministers and the government departments. On Wednesday, the microblogging platform, Koo, crossed the three million users mark. However, in middle of the surging migration to the app, French cyber expert, Elliot Alderson, has reportedly found that the app has been leaking its users’ personal data, including email, birth date, name, marital status, and gender.
You asked so I did it. I spent 30 min on this new Koo app. The app is leaking of the personal data of his users: email, dob, name, marital status, gender, … https://t.co/87Et18MrOg pic.twitter.com/qzrXeFBW0L
— Elliot Alderson (@fs0c131y) February 10, 2021
Alderson shared another screenshot which shows that the Koo app is registered in China and is based out of the United States.
— Elliot Alderson (@fs0c131y) February 10, 2021
Meanwhile, dismissing the rumours, Aprameya Radhakrishna, the co-founder of Koo, put out a tweet saying that the “data visible is something that the user has voluntarily shown on their profile of Koo. It cannot be termed a data leak.” However, Alderson responded to the tweet saying Aprameya’s claims were false.
@aprameya the screenshots of the 1st tweet has been done on this profile. Where do you see her dob? Her gender? Her marital status? pic.twitter.com/RCkTfJU1Vw
— Elliot Alderson (@fs0c131y) February 11, 2021
As per Koo‘s Terms of Services, which were updated on 1 January, 2021, users give the platform a license to maintain, delete or destroy all information and content uploaded to the platform. However, the terms also clarify that the company will not share personally identifiable information without users’ prior permission.
An excerpt from the Terms of Service reads:
“We reserve the right to maintain, delete or destroy all information, Content and materials posted or uploaded through the Service(s) pursuant to our internal record retention and/or destruction policies, upon reasonable notice provided to the you. We (may/may not) make use of third party cloud services provider or our own service infrastructure for hosting the servers and databases. While we make commercially reasonable efforts to ensure that the data stored on our servers is persistent and always available to the User, we will not be responsible in the event of failure of the third-party servers or any other factors outside our reasonable control, that may cause the User data to be permanently deleted, irretrievable, or temporarily inaccessible”.
(Also read: Twitter is welcome to do business in India, but it must respect Indian laws: MeitY)
Aprameya shared another tweet recently saying that Koo is made in India and its servers are also based in India.
We are an Indian company registered in India and servers are in India. pic.twitter.com/NMe80IR99s
— Aprameya R (@aprameya) February 11, 2021
Koo is an India registered company with Indian founders. Raised earlier capital 2.5 years ago. Latest funds for Bombinate Technologies is led by a truly Indian investor 3one4 capital. Shunwei (single digit shareholder) which had invested in our Vokal journey will be exiting fully
— Aprameya R (@aprameya) February 10, 2021
Amid the questions about the app’s “Indian-ness”, a CNBC TV18 report claims that Koo has a Chinese investor Shunwei Capital on board who is on its way out. “Shunwei Capital is a very small stakeholder in the company right now which will get bought out. They are in the process of exiting,” Aprameya Radhakrishna said.
(Also Read: Full text: Twitter responds to Indian government’s order to ban 1,178 accounts, underlines free expression)
Separately, the Koo co-founder recently also tweeted that since the issue was flagged, email logins on the platform have now been disabled.
95% of koo users login through their mobile phone number
Language communities of India do not use email to login and hence was not the priority of the company.
Email login was introduced recently
Now that concerns have been raised it has already been blocked from view— Aprameya R (@aprameya) February 11, 2021
We have reached out to Koo to learn more about the alleged data leak, and to understand, if true, how many users may have been affected.
(Also Read: India-made Koo sees surge in users amid Centre’s row with Twitter: A look at platform espoused by key Union ministers)
