Hacktivist group claims 2 apps sending info to Mad-Me network; RJio denies allegations
Reliance Jio could be making money by selling user call data to targeted ad networks in the US and Singapore without informing users, if claims by hacktivist group Anonymous are to be believed.
When contacted by BusinessLine, the group, which claims to hack companies and governments to expose them as a way of activism and goes by the Twitter handle AnonIndia (@redteamin), said two Jio apps, including My Jio and Jio Dialer, are sending user information to an ad network called Mad-Me.
“The website RJio is sending it to claims to be a platform for targeted advertising,” the Anonymous told BusinessLine in a written response.
Anonymous has also shared a detailed blog explaining how anyone could test what data Jio is sharing with international servers and recreate the hack themselves. Responding to the allegations made by the hacker group, Reliance Jio Infocomm spokesperson said: “Jio takes its customers’ security and privacy very seriously. In keeping with its highest standards of governance, Jio does not share its customers’ data with any other entity.
“Any information captured by Jio is only for internal analysis to deliver better quality of service and recommend offerings from Jio’s product portfolio.”
About a year ago, the same Anonymous group claimed that RJio chat app Jio chat was sending user data to a Chinese IP without even encrypting it, which meant that apart from your information being leaked to the Chinese, anyone could snoop into your conversation and know exactly what you’re chatting about or sharing with friends.
The app itself was coded in Chinese, which led to suspicion that the app was indeed developed by the Chinese as well. Jio had dismissed these allegations.
Anonymous acknowledged that the Jio app was now relatively more secure than it was last year.
“At least this time the traffic is going on https (encrypted), last time they did not even bother to encrypt it,” the group said.
The hacktivist collective said they tested apps from all other operators as well but only My Jio app and Jio Dialer were found to be sharing information with an ad network outside the country.
When asked why did the group choose to hack into Jio again this time, it said: “What drives us is to expose the wrongdoings of these companies…. last year also when they tried to violate the principles of nn (net neutrality)… we taught them a lesson.”
The group has in the past attacked websites of various individuals and government agencies, including TRAI and BSNL. The group had also undertaken activities to protest against Section 66A of the Information Technology Act and in support of network neutrality.
March 5, 2017 at 10:09 am
The selling of user data may cause problems to customers who may land in trouble in future. The matter needs probe and safety of the customers should be assured