Ever since Reliance Jio announced the launch of its commercial services with unlimited free local and national outgoing calls, and unlimited SMS, the telecom operator has been the talk of the town. In fact, its Welcome Offer where users get free unlimited access to high-speed mobile data, voice and video calls, and its range of content services, has garnered much interest among prospective customers. Now, according to hacktivist group Anonymous, Reliance Jio is sending user call data to ad networks in Singapore and the US, and making money from the same. Also Read - Reliance JioFiber plans with free Voot Select subscription: Check plans, price, and other benefitsAlso Read - JioFiber broadband plans with free Netflix subscription: Check plans, price, data benefits, more
The hacker group, which has time and again claimed of hacking governments and companies to expose them claims that MyJio and JioDialer (now rebranded Jio4GVoice) are sending user information to an ad network called Mad-Me, BusinessLine reports. The website RJio is sending it to claims to be a platform for targeted advertising, AnonIndia (@redteamin) told the publication. This is not the first time that Anonymous had alleged Reliance Jio of sending unsecured data. Back in June 2015, it claimed Reliance Jio was sending data to Chinese servers using its Jio Chat messaging app. The group also went ahead with a blog post, explaining how anyone can test if Jio is sharing details with international servers. Also Read - How to get free Netflix subscription: Just follow these steps
To support its allegations, hacker group has shared a video to point out how VoLTE call related information is being routed to servers based in Singapore and USA. They have shared a screenshot of the same for reader s reference, and detailed a step by step process using which users can verify the breach of user privacy. ALSO READ: Reliance Jio SIM card may soon be delivered at your doorstep: Report
How to verify if Reliance Jio apps are violating user privacy
Step One: Install free edition of burp suite from here.
Step Two: Configure your Android smartphone to send traffic via burp suite. You can find the information on this page.
Step Three: Download MyJio and Jio4GVoice apps from the Play Store.
Step Four: Open the MyJio app and let it update. Use the native dialer to make outgoing call and end it. Close all apps and open the native dialer again.
Now, in burp, (under proxy and HTTP history) you will see calling data being sent to app.cobal.mad-me.com. This is despite using native dialer, and not Jio4GVoice dialer. From this, it is clear that Reliance Jio is using a third party SDK without verifying what data it is collecting, or where it is sending, thus breaching user privacy. ALSO READ: Reliance Jio targets 250 million subscribers based on response to Jio Welcome Offer: Report
In an official response to the publication, a Reliance Jio spokesperson said, Jio takes its customers security and privacy very seriously. In keeping with its highest standards of governance, Jio does not share its customers data with any other entity. Any information captured by Jio is only for internal analysis to deliver better quality of service and recommend offerings from Jio s product portfolio.