Koo has started attracting a lot of users from Twitter as celebrities have started making a switch and the app is now enjoying a surge in number of users but the app has also attracted some keen eyes as a result of which, its security is now being questioned.
As per a French cybersecurity researcher Robert Baptiste, popularly known as Elliott Anderson on Twitter, the Koo app is leaking a lot of sensitive user data including email ID, phone numbers and date of birth. This is not the first time the researcher has pointed out bugs and security vulnerabilities in the tech world.
You asked so I did it. I spent 30 min on this new Koo app. The app is leaking of the personal data of his users: email, dob, name, marital status, gender, … https://t.co/87Et18MrOg pic.twitter.com/qzrXeFBW0L
— Elliot Alderson (@fs0c131y) February 10, 2021
For proof, the researcher has also shared screenshots on Twitter along with the caption stating, “You asked so I did it. I spent 30 min on this new Koo app. The app is leaking personal data of its users: email, dob, name, marital status, gender”. Going by the screenshots, it does look like the Koo app misses out on a good level of security and is leaking user data.
While giving a reply to the allegations, Koo has said, “Users enter their profile data on the app to be shared with others on the platform. That’s what’s displayed everywhere across the platform. While there have been false allegations of a data leak, it’s just commonly called the public profile page for all users to view!”
In reply to Koo’s answer, Robert tweeted that its a lie as he checked this point before and it wasn’t true
Things don’t end here as Robert further shared some Whois documents for the domain kooapp.com that allegedly reveals a chinese connection. The domain details that Baptiste shared shows the history of the ownership of the domain according to which it has gone through multiple ownerships. It’s latest owner is Bombinate Technologies Private Limited that came to own it only in late 2019 and is also the company behind Koo.
The chinese connection however is related to small investment by Shunwei, which is a venture capital fund that invests in startups. Talking about this Chinese investment, the company in a statement said, “Koo takes pride in being an Indian company with Indian founders and in being registered here. Recent investment in Bombinate Technologies Koo’s parent company was by Mohandas Pai of 3one4 Capital, an Indian investor”.
“Shunwei, a single-digit shareholder that had invested in Vokal, another start-up of ours which answers user questions in Indian languages, will be exiting fully. Bombinate is the parent company of Vokal and Koo”, it added. This means that the app does have a chinese connection which is now reportedly quitting.