A software engineer from UP took advantage of the Aadhaar authentication system to access the UIDAI database via his app. The accused has been arrested for developing this illegal app and is in custody for further investigation. This incident will surely make you ask “Is my Aadhaar data safe?”. Let’s find out.
Cause Of Action
Abhinav Srivastav of Qarth Technologies Private Ltd developed an Android mobile application for Aadhaar e-KYC verification. The app was published on the Google Play Store under the developer name ‘myGov’ and was downloaded over 50,000 times. This app gained unauthorized access to the NIC server via an Aadhaar authentication API hosted in a Google cloud. The UIDAI Deputy Director filed a complaint on 26th July 2017, and the accused was arrested by the cyber crime police on 1st August 2017. The FIR was registered under sections 37 and 38 of the Aadhaar Act 2016, sections 65 and 66 of the IT Act of 2000, and sections 120 B, 468 and 271 of the Indian Penal Code.
A preliminary enquiry of the accused revealed that he is an MSc postgraduate in chemistry from IIT Kharagpur. He worked as a security researcher and software developer in several companies before he joined Ola, where he is currently working as a Software Development Engineer.
He developed five mobile apps, viz. Aadhaar Status, Aadhaar e-KYC Verification, Aadhaar e-KYC, Consumer Forum India and Train Enquiry. Of these, the Aadhaar e-KYC Verification app got access to UIDAI data through the “e-Hospital” app and its server. He made around Rs. 40,000 in advertising revenue with the illegal app by using Aadhaar data as the content. The police have seized his laptop and other equipment worth Rs 2.25 lakh. His developer account, apps, and other hosted content are no longer live.
Response from Authorities
Ola responded on social media that it neither commissioned nor is involved in any such activity. Meanwhile, UIDAI has responded to the public rumours, saying that Aadhaar data is still safe. The app only gave access to an individual’s Aadhaar data upon that person’s consent via OTP authentication, so it is not possible for others to collect the data. However, the authority warned the public not to share their Aadhaar number with any unauthorized or unknown website or app.
“The residents should share or provide their Aadhaar numbers only to the official government sites, authorised agencies, banks, and telecom companies and other service providers after doing due diligence and verifying the authenticity of such sites. In the case of any doubt, the residents seek the help of UIDAI help line, 1947 or firstname.lastname@example.org to reaffirm whether the website or app is authorised or not.”
This incident is surely a matter of privacy invasion. Moreover, the general public can’t distinguish between legal and illegal apps or websites related to UIDAI. Since Aadhaar’s inception, several sites and apps have sprouted to take advantage of this situation. So it is better to seek help from UIDAI before proceeding with e-KYC authentication in any random app you find on the web. Also, to be on the safe side, keep your biometric data locked with the official mAadhaar app until the need arises. Hope this article helped you. Peace!