Reliance rubbishes allegation, says no data travel outside India from Jio Chat servers.
A war of words between Reliance Industries' Gautam Chikermane and hacker group Anonymous India broke out on Twitter on Thursday as the latter accused Jio Chat, instant messaging app rolled out by Reliance Jio, against violation of right to privacy of about 5,00,000 users of Reliance Jio Chat app in India.
Anonymous India has alleged that the app is sending data to Chinese servers.
"There is nothing equivocal about it. Over 500k mobile data taken by China made Reliance Jio app. Hosting by Chinese too," the twitter handle @opindia_revenge tweeted. It further tweeted: "One IP was pointing to USA. Two were of Godaddy hosting most likely. One is of a company in BeijingChina."
However, Reliance Jio, in its response, rubbished the allegations and said all Jio Chat data and associated servers are hosted physically in Reliance Jio data centres in India.
"No data travels outside of India from Jio Chat servers," it said.
Assuring its users that the company takes privacy and security seriously, a spokesperson added: "As part of standard development practices, the code base has reference to a number of servers, in the comment area. This is not executable code, meaning these references are not used by the application while running. Proper and complete examination of the code would show that the app does not transfer data to any servers outside of India... 'Anonymous' posters often raise false alarms by quoting items such as this out of context."
Regarding the references to Chinese map APIs, the company spokesperson said it is well known that China does not support Google Maps. Hence, being a global application, Jio Chat requires a China-based mapping service for location-based services within that country. "This is a common practice for any app wishing to provide location-based services within China. However, when used globally, Jio Chat (outside of China) always uses Google Maps. (This can be checked by anyone by using Jio Chat Location Sharing function)."
When questioned on the use of Chinese language, Reliance said: "It should be clarified that Jio Chat is developed by developers across the world, including India. Occasionally, these developers use their native language while writing comments within the APK to better understand the problem..."
It went on to say that "the analysis is published by an inexperienced novice, who either does not understand the APK coding or has deliberately tried to sensationalise the issue by highlighting irrelevant portions of the APK script..."
Earlier, after queries started pouring in from Twitterati, Chikermane, new media director at Reliance Industries, tweeted: "Dear @opindia_revenge, your rants against Reliance Jio amuse me. Facts around world's largest digital initiative follow… All user data on #JioChat is encrypted. Your fear-mongering or illiteracy won't change that User data at #JioChat is exchanged using a controlled binary encoded protocol… In the new upgrade that is being released as part of continuous enhancement, standard AES encryption is implemented… One question for you, dear @opindia_revenge: would you care to disclose who you are and who finances your operations?" (sic).
Earlier, answering tweets of Business Standard on proofs to validate the allegations, Reliance tweeted the app used Chinese geolocation service amap.
The hacker group explained in a Tumblr blog post: "There is no encryption between the person using Jio Chat app and the chinese company Amap. Hence, it makes it lot easier for the chinese hackers to snoop over your data (Whatever being sent to Amap). Know your location details as well."
"The app itself does not use HTTPS… Debug logs are in chinese. Why would Indian engineers write debug logs in chinese? Made in china (sic)," they tweeted in reply to Business Standard.
Lack of encryption in the app can enable anyone to snoop over the data that is being transmitted. "Your ISP (internet service providers), government, hackers, etc, anyone can! Now why we claim this is an app Made in China but for Indian users."
