Narendra Modi's Personal App Sparks India Data Privacy Row

Narendra Modi was early to recognise the potential of social media as a political tool.

The Indian prime minister's Twitter account was set up nearly a decade ago and now has more than 40m followers. A year after his election, he launched a "NaMo" app to engage his supporters by promoting his activities and initiatives and allowing them to send in their own ideas and feedback.

But now the NaMo app — which has been downloaded more than 5m times from the Google Playstore and is pre-installed on low-cost phones distributed by Reliance JioPhone — is at the centre of a fierce row on data privacy that has echoes of the uproar in the US and the UK over the political marketing techniques used by Cambridge Analytica.

The row erupted after a French app developer and cyber-security researcher claimed on Twitter late last week that the NaMo app was sending user data to a third party — a US-based analytics company called CleverTap — allegedly without users' permission — apparently violating the terms of the Google Playstore. The app's privacy policy was quickly changed.

But the Indian Express newspaper subsequently reported that the NaMo app's default permission settings gave it nearly full access to the data stored on users' phones, including photos and videos, contacts, location services and even the ability to record audio — though savvy users could opt out by disabling the permissions for those features.

The allegations have sparked a bitter war of words between Mr Modi's Bharatiya Janata party and the opposition Congress, with each accusing the other of misusing users' data as India gears up for what are expected to be hard-fought national elections in the next year.

"Modi's NaMo app secretly records audio, video, contacts of your friends & family and even records your location via GPS," Rahul Gandhi, Congress leader, tweeted this week. "He's the Big Boss who likes to spy on Indians."

Amit Malviya, the former banker who is the BJP's head of information technology, rejected the allegations of impropriety, accusing Mr Gandhi of "technological illiteracy".

"Anyone who uses a smartphone knows that mobile apps request permissions, relating to camera, microphone etc," Mr Malviya wrote in an Indian Express op-ed on Tuesday. "Do all these apps employ this for snooping?"

Mr Malviya has also publicly criticised Congress — which lags the BJP in its use of social media — for the loosely worded privacy policy of its own official website.

"Full marks to the [Congress] for stating upfront they'll give your data to practically anyone," he tweeted. "In theft of all forms Congress has never been discreet."

In fact, India has no comprehensive data privacy or security laws that apply to either the government or political parties; the only legal provisions that address data protection and privacy issues are applicable to companies.

But the controversy highlights how many Indians — like their western counterparts — are becoming uneasy as they wake up to the data-gathering potential of apps that they have enthusiastically embraced for their convenience and entertainment.

"People are outraged that there is a peephole," says Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, a non-profit research organisation. "They are not outraged that anyone has looked into the peephole — because there is no evidence of that yet."

It remains unclear how much data was collected by the NaMo app, though the French researcher, Robert Baptiste — who tweets under the pseudonym Elliot Alderson — said on Twitter that users' personal details, including their photo and device information, were all sent to CleverTap once a user profile was created.

CleverTap, which was founded in 2013 and is backed by Sequoia Capital and Accel Capital, says it uses behavioural analytics to help brands identify, target and engage customers, and it claims to have "the world's most powerful segmentation engine".

CleverTap, whose three co-founders previously worked at Network18, one of India's largest media houses, boasts clients such as Sony and Star TV, large Indian internet companies such as food-ordering app Zomato and BookmyShow, and charities.

CleverTap did not respond to requests for comment.

But Mr Malviya told the FT that CleverTap was an "analytical tool" used to help the app provide the most relevant information to users, including alerting them to when Mr Modi might be holding a campaign rally or making a public appearance near them.

"It is not different from what Facebook does — that is how all apps are," Mr Malviya said. "They study the user pattern; the surfing behaviour and they help in providing more contextual information to the user."

For Mr Abraham, however, the controversy demonstrates that "Indian political parties have a voracious appetite for political data. If unchecked by law or public outrage, they will continue to hoover up as much data as they can from our devices."

Growing western anger over the use of Facebook data — and the activities of Cambridge Analytica — is also reverberating in the world's largest democracy.

"Privacy is definitely a political issue," says Mr Abraham. "Political parties are reacting not because they will get into trouble under the law. They are reacting because they are afraid their supporters may not like it."