Koo App Leaking Personal Data, Has a China Connection: French Security Researcher

Social media platform Koo has gone viral thanks to a tussle between Twitter and the Indian government, but should you join it?


Viral Indian social media platform Koo may not be the most secure. French security researcher Robert Baptiste, who goes by Elliot Alderson on Twitter, has found chinks in the platform’s systems. Baptiste posted screenshots on Twitter showing that Koo is leaking certain personal information from its user accounts. “You asked so I did it. I spent 30 min on this new Koo app. The app is leaking the personal data of his users: email, dob, name, marital status, gender…” Baptiste said on Twitter today. He also posted a second screenshot suggesting that the app has Chinese connections.

Koo’s worst fears confirmed – A China connection

— Elliot Alderson (@fs0c131y) February 10, 2021

The second screenshot shows that at least one of Koo’s servers is based in the United States and was registered by a Chinese individual named Tao Zhou, who is based in Jiangxi, China. The app earlier counted Chinese venture capital firm Shunwei Capital among its founders, but co-founder Aprameya Radhakrishna had said they’re in the process of exiting the company.

While the leaked user data doesn’t seem to be the most sensitive, the Chinese connection may haunt Koo, which has gained from the nationalism wave in India. The app had also won the Prime Minister’s Aatmanirbhar App Innovation challenge earlier, and has heavily marketed its Indian origins. Apart from the Chinese connection, companies big and small have been hurrying to bring their servers inside India, expecting regulations to the same effect from the government soon.

Various ministers in India, including Union Ministers Piyush Goyal and Ravi Shankar Prasad, have already joined the homegrown platform. Koo also counts cricketer Anil Kumble amongst its users, while Prime Minister Narendra Modi had himself talked about the app in an episode of his Mann Ki Baat program. The government may find itself in an embarrassing situation if Koo is found to be in violation of rules that have led to bans on so many apps recently.

According to reports, Koo has gained over three million new downloads over the past three days, thanks to a tussle between the government and Twitter. The American micro-blogging platform refused to fully comply with a government takedown request for over 1100 accounts yesterday, which led the Ministry of Information and Technology (MeitY) to respond on Koo.