1/ In this request, the @narendramodi's #Android#application sends silently and without the user's consent, his IP address and a unique identifier of his phone.
This personal data is sent to the website api.narendramodi.in which is located in the US.
2/ As the application is available in Europe, it must comply with the European regulation called #GDPR. Since an IP address is considered as a personal data, the user must give his consent and must be able to opt out from this data collection.
4/ Moreover, not asking the user consent is a clear violation of the Google Play developer distribution agreement play.google.com/about/develope…
5/ The unique phone identifier send by the @narendramodi's #Android#application is composed of multiple device specific information: board, brand, name of the instruction set, name of the industrial design, manufacturer, model, name of the product
First thing first, we are talking about this app "Bolo Messenger - Secure Chat, Voice & Video Calls" which is the new version of the #Kimbho app play.google.com/store/apps/det…
When you send a message with the #Bolo app, it is checking if your contact is online with this request. The endpoint is taking the "contact userId" (the 1st black rectangle in the picture)
Time for a new thread. The #android#application called @moinsbete is one of the most downloaded applications in France. This app is sending without your consent your personal data to @mopub:
- location
- operator
- mcc
- mnc
- country
- screen size
Yes, all these requests to @mopub are HTTP requests... Welcome to 2018...
This is a very good example of data abuse. Every time you open the @moinsbete#android#app with location on, your location is send without your consent to an US based server owned by @mopub
The samples are available on @koodous_project and @virusbay_io
28c69801929f0472cef346880a295cdf4956023cd3d72a1b6e72238f5b033aca
679d6ad1dd6d1078300e24cf5dbd17efea1141b0a619ff08b6cc8ff94cfbb27e
990d278761f87274a427b348f09475f5da4f924aa80023bf8d2320d981fb3209