Hailed to be an Indian alternative to popular social networking site Twitter, KOO has been surrounded by controversy around leaking user data. While on one hand, the company confirmed users' data to be safe, a known ethical hacker found the app to be leaking personal data. The app shot to fame amidst the recent row between the government of India and Twitter, where several union ministers created their accounts on KOO and asked people to follow them as well.
"We are not presently monetising and hence don't have the need to share data with any third party. So that is safe. We will innovate and always try and figure a way to monetise that is not a risk to users," says Aprameya Radhakrishna, CEO and Co-founder, KOO.
However, ethical hacker Elliot Alderson has now tested microblogging site Koo and found the app is leaking personal details of the users including email, date of birth, name, marital status, gender amongst others. Alderson had exposed flaws in Aadhaar and the Aarogya Setu app in the past.
According to the company's 'Terms of Services' update on January 1, 2021, users give KOO a license to fully use the information. But the company will never share personally identifiable information without users' prior permission.
"We reserve the right to maintain, delete or destroy all information, Content and materials posted or uploaded through the Service(s) pursuant to our internal record retention and/or destruction policies, upon reasonable notice provided to the you. We (may/may not) make use of third party cloud services provider or our own service infrastructure for hosting the servers and databases. While we make commercially reasonable efforts to ensure that the data stored on our servers is persistent and always available to the User, we will not be responsible in the event of failure of the third-party servers or any other factors outside our reasonable control, that may cause the User data to be permanently deleted, irretrievable, or temporarily inaccessible," it reads.
Another controversy surrounding KOO is about its origin. While the company claims it to be an Indian registered company, the domain name has been registered under a Chinese national. Radhakrishna had tweeted that "Koo is an India registered company with Indian founders. Raised earlier capital 2.5 years ago. Latest funds for Bombinate Technologies is led by a truly Indian 3one4 capital. Shunwei (single digit shareholder) which has invested in our Vokal journey will be exiting fully."
Alderson also tweeted that Kooapp.com was registered on April 16, 2017 by Tao Zhou from China. The user is associated with 100+ other domain names as well. KOO has crossed over 3 million subscribers since its launch in March 2020 and is being actively used by the government of India.