French security researcher Robert Baptiste, aka Elliot Alderson (@fs0c131y on Twitter), has said that Koo, the Indian microblogging site, which is being seen as an alternative to Twitter, exposes users’ personal data.
Baptiste spent 30 minutes on Koo, at the request of Twitter users, and found that it exposes users’ sensitive information such as email addresses, names, gender, and more.
He posted screenshots on Twitter and suggested that it was easy for him to get to the personal information of users of Koo. He said the app leaked personal data of its users including email, date of birth, marital status, and gender.
In more screenshots, Baptiste also suggested that Koo had a domain registered in the US with the registrant based in China.
In response to Baptiste’s data leak accusation, Aprameya Radhakrishna, developer and co-founder of Koo, tweeted: “Some news about data leaking being spoken about unnecessarily. Please read this: The data visible is something that the user has voluntarily shown on their profile of Koo. It cannot be termed a data leak. If you visit a user profile, you can see it anyway.”
Baptiste, however, countered: “Koo founder commented (about) the leak. It’s a lie. I did check this point (on whether the data visible is what the user has voluntarily shown) before tweeting and it was not true.”
Koo is being promoted after Twitter refused to block some accounts related to the ongoing farmers’ protest at the request of the government. The app, according to the developer and co-founder Aprameya Radhakrishna, has over 3 million downloads on Android and iOS. People who have migrated to it have said they prefer it as it is a homegrown app.
Koo had won the government’s Digital India AatmaNirbhar Bharat Innovate Challenge 2020, initiated to encourage local app development. Koo was launched in March 2020.