Koo app found to be revealing sensitive data of its users


More than three million people have downloaded the Koo app.



According to data from the last 24 hours, more than three million people have downloaded the Koo app. Some people in India believe that they should be using a desi (aka Atmanirbhar) app. But the question arises: how safe is this app for its users?


A French security researcher said, "Koo is not very safe, and currently, it is leaking a lot of sensitive user information including email ID, phone numbers, and date of birth."


French cybersecurity researcher Robert Baptiste, popularly known as Elliot Alderson on Twitter, said he has found that the app is leaking some user data. Baptiste earlier grabbed headlines after highlighting several vulnerabilities in the Aadhaar system. He has also highlighted a number of security bugs and vulnerabilities in other tech services.


Responding to this, Koo said, "Users enter their profile data on the app to be shared with others on the platform. That's what's displayed everywhere across the platform. While there have been false allegations of a data leak, it's just commonly called the public profile page for all users to view!"


The company said in a statement, "Koo takes pride in being an Indian company with Indian founders and in being registered here. The recent investment in Bombinate Technologies, Koo’s parent company, was by Mohandas Pai of 3one4 Capital, an Indian investor. Shunwei, a single-digit shareholder that had invested in Vokal, another start-up of ours which answers user questions in Indian languages, will be exiting fully. Bombinate is the parent company of Vokal and Koo."

Last night, Baptiste tweeted and said, "You asked so I did it. I spent 30 min on this new Koo app. The app is leaking personal data of its users: email, dob, name, marital status, gender."


The screenshot he shared clearly indicates that Koo is leaking some sensitive details, and it is possible that the data of millions of users has already been leaked or scraped, including data of Indian government departments and ministers who have joined the service.




Minister Piyush Goyal said on Twitter, "I am now on Koo. Connect with me on this Indian micro-blogging platform for real-time, exciting, and exclusive updates. Let us exchange our thoughts and ideas on Koo."


Replying to his tweet, another user tweeted and said, "It's storing user tokens as frontend global variables if you know the token info of a user. go to /create you can directly put values in here, with inspecting mode which I think will enable the compose button, and you can remotely tweet to that account with the token info."



On Wednesday, the Koo co-founder tweeted, "Koo is an India registered company with Indian founders. Raised earlier capital 2.5 years ago. The latest funds for Bombinate Technologies are led by a truly Indian investor 3one4 capital. Shunwei (single-digit shareholder) which had invested in our Vokal journey will be exiting fully."

There also seems to be confusion about the app's real Twitter account. While people have so far believed that the Koo app tweets from @kooappofficioal, its co-founder Aprameya Radhakrishna said last night that the official account of Koo on Twitter is @kooindia. He tweeted, "The official account of #kooapp is @kooindia. Please note."
