Reliance Jio has been the talk of the town in India and ever since they announced free calls for everyone, the popularity has soared to an all new level. Almost a year back, Anonymous India had warned people about how Reliance Jio is allegedly sending private data including user location data to China. Fast forward, even after a year, nothing seems to have changed, as according to Anonymous India, Reliance Jio is still sharing all the call data with foreign companies and has also published a self-explanatory tutorial to prove these allegations.
The problem is only more aggravated now since unlike last year, Reliance Jio has millions of users on board. This time around, Anonymous India has data that says that Reliance Jio is still sharing users’ call information with servers based in US and Singapore. Any data that is being shared to a third party agency spells trouble for individual’s privacy and also concerns national security.
Anonymous India claims that two of the Jio apps including My Jio and Jio Dialer (previously Jio Join) are sending user information to a mobile engagement platform by the name Mad-Me, which is nothing but an ad platform. The Mad-Me platform has their servers setup in the US and this might also be the reason why Reliance is sending data to the US servers. However, this time around, at least the data is being sent through an encrypted https.
Anonymous India has lately emerged as one of the prominent names when it comes to exposing flaws in internet security and waging a war against cyber terrorism. Outlined below are steps as detailed out by Anonymous that show how Reliance Jio is sending information to third party,
- Install burp suite free edition from here.
- Setup your Android device to route the traffic via burp suite.
- Ensure that you have My Jio app and Jio dialer app installed and updated.
- Begin capturing and turn off the intercept.
- It can be observed that calling data is sent at random interval to app.cobal.mad-me.com.
- Despite using the native dialer one will still see the packet being sent in proxy history.
Please note that TechPP hasn’t been able to independently verify the accusations.
Anonymous further claims that Jio app is using third party SDK without verifying the data sent over to the SDK and this in itself violates users’ privacy. It’s unclear why Jio has to share the actual call details including the numbers and call duration to ad networks. That said, it is yet to be seen what Reliance has to say about this.