Baba Ramdev-owned consumer product conglomerate Patanjali launched Kimbho, a messenger app meant to rival WhatsApp, in India via Google Play and the Apple App Store on May 31. But within a few hours, it was taken down from both mobile OS platforms.
French security expert Robert Baptiste, who goes by the moniker Elliot Alderson (@fs0c131y), raised doubts about Kimbho's user privacy and security. Alderson, who is credited with finding flaws in the Aadhaar ID system, termed the desi app a 'security disaster'.
Alderson even shared a video showing the flaws in the security of messages stored in the Kimbho app.
"This @KimbhoApp is a joke, next time before making press statements, hire competent developers... If it is not clear, for the moment don't install this app. #Kimbho #KimbhoApp," Elliot Alderson said on Twitter.
Hi @KimbhoApp before trying to compete #WhatsApp, you can try to secure your app. It's possible to choose a security code between 0001 and 9999 and send it to the number of your choice #kimbhoApp pic.twitter.com/YQqK8lfIeI
— Elliot Alderson (@fs0c131y) May 30, 2018
Soon, other local cyber experts also ascertained that Kimbho was a copy of a lesser-known messenger app, Bolo. Kimbho's developers used the name 'Bolo' in the messenger description, in the app's code and also in the OTP (One Time Password) creation setup.
This thing is leaking contacts, has open api keys, passwords, dev tokens and god knows what else. What were they thinking?! pic.twitter.com/cuzDnZyfBv
— __rish__ (@prohack) May 31, 2018
Another cybersecurity enthusiast, Rish, shared a screenshot of the Kimbho app API, which showed a security loophole that would help hackers easily steal contacts, open API keys, passwords, dev tokens and more.
This apparently caused an uproar on social media channels with several users panning the Kimbho app creators.
Now, company spokesperson Tijarawala has announced on Twitter that the Kimbho release was a beta test of the app and that Patanjali engineers are still working on completing the application. He also assured users that the fully functional app will be released soon. Tijarawala also thanked citizens for the overwhelming response, as Kimbho was installed on more than 1.5 lakh devices within three hours of the launch.
#Patanjali had put the #Kimbho app on the Play Store on trial for just 1 day. Within just 3 hours, 1.5 lakh people started downloading it. We are grateful for this huge and encouraging response.
— tijarawala sk (@tijarawala) May 31, 2018
Technical work is in progress & #KIMBHO APP will be officially launched soon @yogrishiramdev pic.twitter.com/hbcq8qpiPS
Having said that, Patanjali engineers have to recreate the entire Kimbho messenger app from scratch. They cannot simply copy and paste code from a different app (Bolo) and brand it as their own, or they risk being sued for intellectual property theft and paying hefty penalties.
The only way Kimbho's creators can restore users' faith is by showing that their app is compliant with the EU's General Data Protection Regulation (GDPR), which safeguards user data on social media websites and in mobile apps. Even Facebook, WhatsApp and Google have updated their user privacy guidelines.