Koo is an Indian alternative to Twitter that has got quite popular in the past few weeks. From government officials to the public, many users are flocking to Koo to try out the home-grown microblogging website. This comes after Koo was adjudged the third position in the Indian government’s Digital Indian AtmaNirbhar Bharat App Innovation Challenge held in 2020.
According to a tweet by popular cybersecurity researcher Elliot Alderson, Koo app is leaking the personal data of users including details like email, birthdate, name, marital status, gender and more. In the screenshots shared by him on Twitter, we get a look at some vulnerable data sets that could be used to scrap sensitive user data.
You asked so I did it. I spent 30 min on this new Koo app. The app is leaking of the personal data of his users: email, dob, name, marital status, gender, … https://t.co/87Et18MrOg pic.twitter.com/qzrXeFBW0L
— Elliot Alderson (@fs0c131y) February 10, 2021
Koo is founded by Aprameya Radhakrishna and Mayank Bidawatka and has received investments from 3one4 Capital, Kalaari Capital and Blume Ventures.
I got into compose post without creating any account lmao pic.twitter.com/SwZISxgrxc
— (@pranaww_) February 10, 2021
“Just 10% of India speaks English. Almost 1 billion people in India don’t know English. Instead, they speak one of India’s 100s of languages. They are now getting access to smartphones and would love an internet in their language. However, the majority of the internet has been in English. Koo is an attempt to make the voice of these Indians heard. They can now participate on the internet in their mother tongue by listening to the views of some of the sharpest Indian minds and also speak their mind by sharing their thoughts,” reads the website.
Some union ministers and government officials already have a verified profile on Koo and are asking users to join the home-grown social media platform. This comes after Twitter refused to block some accounts after the Indian government ordered it by sending the social media giant a list of accounts. Twitter withheld part of the accounts in India only but refused to take action on others, “Because we do not believe that the actions we have been directed to take are consistent with Indian law, and, in keeping with our principles of defending protected speech and freedom of expression, we have not taken any action on accounts that consist of news media entities, journalists, activists, and politicians.”
Meanwhile, it remains to be seen if the Koo developers take any heed over reports of vulnerable personal user data. Aprameya has further clarified on Twitter that the official handle for Koo app is @kooindia and that @KooAppOfficial is masquerading as the service’s official account.