Patanjali Says Kimbho Release Was Test Run and Promises to Return, but What About the Data?
Jun. 1, 2018Late last month, Patanjali dipped its toes in the telecom segment andannounced a partnershipwith state-owned telecom service provider Bharat Sanchar Nigam Limited (BSNL) to launch newSwadesh SamriddhiSIM cards.
The co-branded SIM cards, which have initially been issued to Patanjali’s employees, offer a reasonable unlimited prepaid pack along with medical and life insurance for the holders. Speaking at the launch, Patanjali co-founder Baba Ramdev reiterated the company’sswadeshisentiments and said that they only partnered with BSNL as it’s a swadeshinetwork.
Just a few days later, the company launched another unlikely product – aninstant messaging app called Kimbho–to take on the popular Facebook-owned messaging app WhatsApp. Yet again, the app was promoted as a ‘swadeshimessaging platform’ which was developed using ‘swadeshitechniques’.Ironically, theswadeshitechniques used to develop the app don’t quite match up to those of the Western rivals it’s trying to shut down.
In our testing of the app, we discovered thatnone of the app’s basic features work as advertised; calls made using the app didn’t connect and none of the messages sent were delivered. Video calling on the Kimbho app just turned on the front camera and played the ringing sound, while the recipient didn’t even receive a notification.Kimbho’s default permissions upon installation
On top of that, the appenabled a bunch of permissions by default, taking access to the device’s camera, contacts, location, microphone, phone, SMS, and storage. Well known security researcher Elliot Anderson also raised concerns regarding the app and claimed that itdidn’t even offer the most basic security measuresto safeguard the user’s data.
Despite Patanjali’s official announcement,the app’s tragic state led us to believe that it could be a fake. However, Patanjali’s spokesperson SK Tijarawalahas now announced that theKimbhoapp, which made a rather short appearance on the Play Store, was actually official andthe initial release was just a test run.
In a statement toET, Tijarawala said:
“We were only testing it for learnings and over 1.5 lakh people downloaded it. Our app is no longer available and Patanjali cannot take responsibility of various duplicate apps doing the rounds. Our app will come back again soon after we are absolutely sure of all technical issues, and we will beat WhatsApp. We will never sell private consumer data.”
Tijarawala’s recent statement raises a number of questions about the Kimbho app: Why was the app released in such a sorry state, and what indeed was the purpose of a public test run?
Secondly, why didn’t Patanjali initially clarify that the release was just a test run, or launch it under the early access program on the Play Store?
We are also wondering since the app didn’t work at all, what was Patanjali actually testing?
Kimbho installed with all permissions enabled by default, which is what you would expect from a low-quality app. As a result the app’s servers would have gathered a ton of data. What does Patanjali intend to do with the data they’ve already collected?
We’ve reached out to SK Tijarawala and Patanjali regarding all of our aforementioned concerns, but we haven’t received a response yet. There are some serious security issues to be considered. If Patanjali’s claim that the test run managed to reach 1.5 lakh users is true, then that’s a whole lot of data, not far away fromthe number of Facebook users in India affected by the Cambridge Analytica breach. We will continue to follow-up with Patanjali and publish any updates as soon as we get any statement from the company.
