Ethical hacker Elliot Alderson, who exposed flaws in Aadhaar as well as the Aarogya Setu app, has now tested the Indian microblogging site Koo. Alderson said that his followers urged him to test Koo App and so he did. In a tweet, Alderson said that he found that the app is leaking personal data of its users.
Along with three screenshots, Elliot Alderson tweeted, "You asked so I did it. I spent 30 min on this new Koo app. The app is leaking of the personal data of his users: email, dob, name, marital status, gender, ... (sic)"
You asked so I did it. I spent 30 min on this new Koo app. The app is leaking of the personal data of his users: email, dob, name, marital status, gender, ... https://t.co/87Et18MrOg pic.twitter.com/qzrXeFBW0L — Elliot Alderson (@fs0c131y) February 10, 2021
He also shared a snapshot of Koo App's details, including the app's domain and registrant. The record for the Koo App domain shows the IP geolocation as the US. It shows the name of the registrant as Tao Zhou, who also seems to be associated with over 100 domains. The state and country of the registrant are shown as Jiangxi, China.
In a subsequent tweet, Alderson shared a screenshot that showed the app was down. "And it's down," said the ethical hacker along with an image that shows the message 'no healthy upstream' under the Koo App URL.
And it's down pic.twitter.com/FdSvIiYNA2 — Elliot Alderson (@fs0c131y) February 10, 2021
Koo is a microblogging site like Twitter. It was launched in March 2020 and won the Prime Minister's Aatmanirbhar Bharat App Innovation Challenge in August. The app has since garnered millions of users. PM Modi also encouraged users to use the Koo App in his Mann Ki Baat speech.
Koo App has shot to fame overnight amid the government's spat with Jack Dorsey-helmed microblogging site Twitter. The government had asked Twitter to block 257 accounts and 1,178 accounts in two different orders. The social media giant blocked 126 from the first list and 583 accounts from the second. It stated that it would not block accounts of journalists, activists and politicians, as doing so would violate the right to freedom of speech.
It said a portion of the handles that the government had asked it to block were withheld in India only and continue to remain visible outside India. Twitter also sought a meeting with the government. Following this resistance to its orders, Union IT minister Ravi Shankar Prasad refused to meet the social media site's officials. The IT secretary met the officials after postponing the meeting by a day. The government has not taken Twitter's response well and has asked it to follow the orders and block 257 accounts, which, it said, was non-negotiable.