Koo app or the so-called Indian alternative of Twitter is gaining wide popularity in the country as the battle between the Indian government and the microblogging site continues. The social media app has been downloaded by over three million Android users already, which is a big number for a Made in India app. It is available to be downloaded on the Google Play Store as well as Apple App Store. While it’s great to see people flocking to the Made in India Koo app from Twitter, there’s something that should worry the users.
The popular French cybersecurity researcher Robert Baptiste, who goes by the name Elliott Anderson on Twitter, said that he spent some time using the application and found that it is leaking some crucial user data including name, date of birth, gender and more. The cybersecurity researcher said in a tweet last night “you asked so I did it. I spent 30 min on this new Koo app. The app is leaking personal data of its users: email, dob, name, marital status, gender.”
Koo denies claims of data leak
Koo has a clarification on this claim. In an official statement, the company denied claims of data leak and stated, “users enter their profile data on the app to be shared with others on the platform. That’s what’s displayed everywhere across the platform. While there have been false allegations of a data leak, it’s just commonly called the public profile page for all users to view!”
Not only Baptiste but other users have also found the application leaking the personal information of users. Replying to Baptiste’s tweet another user stated. “It’s storing user tokens as frontend global variables if you know the token info of a user. go to /create you can directly put values in here, with inspecting mode which I think will enable the compose button, and you can remotely tweet to that account with the token info.”
Speaks about the Chinese connection
Additionally, there are reports that Koo has a Chinese connection. The platform has a small investment in the company by Shunwei, which is connected to Chinese smartphone manufacturer Xiaomi. In some of the recent tweets, Koo claimed that it is a total Atmanirbhar app and says that Shunwei will be exiting the company and sell all its stake soon.
Commenting on the Chinese connection, Koo co-founder said, “Koo is an India registered company with Indian founders. Raised earlier capital 2.5 years ago. The latest funds for Bombinate Technologies are led by a truly Indian investor 3one4 capital. Shunwei (single-digit shareholder) which had invested in our Vokal journey will be exiting fully.
The company earlier today stated, “Koo takes pride in being an Indian company with Indian founders and in being registered here. The recent investment in Bombinate Technologies Koo’s parent company was by Mohandas Pai of 3one4 Capital, an Indian investor. Shunwei, a single-digit shareholder that had invested in Vokal, another start-up of ours which answers user questions in Indian languages, will be exiting fully. Bombinate is the parent company of Vokal and Koo.”