Parties' Apps Want Access to Users' Key Data

NEW DELHI: On Friday evening, #DeleteNaMoApp was among the top Twitter trends nationally, with Congress party members driving the hashtag. By next morning, the tag had over 30,000 tweets. BJP IT cell head Amit Malviya responded on Twitter with screenshots of a Narendra Modi Android app page, which said, "No permission is compulsory on the NM app."

At the heart of such exchanges is the new elephant in the political room: data-harvesting.

After recent revelations of how stolen user information from Facebook was used by UK-based big data firm Cambridge Analytica to influence the US presidential elections, questions of privacy invasion and possible manipulation are now being raised in India. TOI took a close look at various apps belonging to the BJP, the Congress and the SP. The BJP party app asks for access to phone, photos, media, files, storage, device ID, call information and network connections. The BJP-owned Narendra Modi Android app requires access to contacts on a user's phone, accounts on the device, its GPS location, USB storage, microphone, camera, storage and more. The Congress party's Android app, "With INC" needs access to accounts and contacts on a device, photos and files, storage, camera, and network information. The Samajwadi Party app needs the same permissions in addition to location information.

Political parties defend the app permissions claiming they are justified by the features. "The app needs access to pictures so that they can be shared and upload pictures on the app. Contact access is required to find your contacts on the app. Subscribers are sent email and WhatsApp alerts with their consent," says Divya Spandana, head of social media and digital communications, Congress. Malviya points out that one can surf the Narendra Modi app as a guest user without needing to register, and that users can pick and choose the features the app can access. "You can just deny permissions you don't want to give," he says.

A French cybersecurity researcher who goes by the pseudonym Elliot Alderson had said on Saturday that the Narendra Modi app shares registered users' data with US-based behavioral analytics company called Clever Tap. Addressing concerns, Malviya said that it was merely an analytics tool and that it did not store data. "All apps have analytical tools to give users contextualised content. Say, if the PM is visiting Tamil Nadu, users there will be prompted with that information," he says.

Sunil Abraham, executive director of Bengaluru-based Centre for Internet and Society, says one can envisage appropriate and specific purposes for which a political app needs such permissions, such as providing voice-recorded feedback on an app, or reporting potholes in road, or sending pictures of works funded by public money to a politician. "But to confirm this, the user needs to check if the app's user interface actually allows for this," he says. The justification lies in the features and services provided. "If those features exist, then such permissions are justified. If not, then they aren't."

As fears of data-harvesting and misuse loom, what can a lay user do? As a standard practice, Abraham recommends turning off all permissions for all apps, and only turning on specific permissions on a need-basis. "The user should turn off all permissions on all apps. Then they should give one-time permissions when the app does not do what they want because of lack of permission. Once they understand their own typical usage they can turn on only those permissions permanently," he says.

India is in the process of formulating a data protection framework that could possibly regulate sharing and storing of individuals' data by corporations or institutions.