Kimbho, the new messaging app just launched by yoga guru Baba Ramdev's company Patanjali, has been termed “a security disaster” by a security researcher. A French security researcher operating under the alias Elliot Alderson took to his Twitter account to warn that the Kimbho Android app is a “disaster” in terms of security. He went on to elaborate that he could “access messages of all the users”, pointing to a gaping security flaw in the app. He was able to access the personal user IDs and the phone numbers of the app's users.
Alderson went on to point out that the app was a copy of an existing app named Bolo Messenger. Notably, the app description and the format of the OTP SMS used for authentication in the Kimbho app were the same as those of Bolo Messenger. The backlash prompted Patanjali to take the app off the Google Play Store. This is not the only instance in which Elliot Alderson has issued a warning about popular apps or companies that ship with security holes.
Previously, Alderson called out UIDAI for privacy issues in its official Aadhaar app, and OnePlus for collecting a considerable amount of data through its OxygenOS without indicating the scope of the data collection. He also called out the NaMo app, the Congress app, and the Paytm app when it started asking for root access. He also pointed out flaws in the official websites of India Post, ISRO, and BSNL.
To recap, Patanjali launched Kimbho, a messaging app for Android and iOS that offers features similar to WhatsApp's. The app is available free of cost on both the Google Play Store and Apple's App Store. Kimbho supports both private and group chats and features voice and video calling as well.
The app can also be used to share photos, videos, music files, GIFs, location, doodles, and stickers, pretty much everything that is supported on WhatsApp. It also carries some customization features and, according to the company, is 100 percent secure thanks to its AES encryption.