After spotlight on NaMo app, anonymous hacker shows Congress app may be leaking data too

After alleging that the NaMo app sends user data - without permission - to a firm in the United States, a French Twitter user has hinted that the Congress app may too be leaking information to a firm in Singapore.

Elliot Alderson (@fs0c131y) on Monday tweeted that when one applies for membership of the party through the official Congress app on Google PlayStore, personal data are send encoded through a HTTP request to the party's membership page online. The anonymous hacker then claims that the personal data has no encryption which makes decoding it relatively simple.

The IP address of https://t.co/t1pidQUmtq is 52.77.237.47. This server is located in Singapore. As you are an #Indian political party, having your server in #India is probably a good idea. pic.twitter.com/tbspCtOPfB — Elliot Alderson (@fs0c131y) March 26, 2018

The most damning of his allegations though is that the IP address of the Congress' membership page points to a server located in Singapore.

(Also read: Did Congress just delete its official app on PlayStore?)

While many Twitter users slammed Congress after the latest expose by Alderson, there were also several who pointed out that having servers in another country was not conclusive proof that data was being leaked. Nonetheless, the hacker - whose profile calls him/her a French security researcher - has called for better encryption of online data of people at large. His appeal comes at a time when several netizens accused him of having a political vendetta.

In fact, after his allegations that NaMo app sends user data to companies in the US, Alderson had clarified he had no political agenda in putting his investigations in public domain. At the time, he had also said he would look into the Congress' official app.

At the time of publishing this report, Congress had issued no reaction.