Kimbho, the messaging app from Yoga guru Baba Ramdev, has been tagged as a “security disaster” by experts. Well-known French security researcher Elliot Alderson claimed on Twitter that he could easily access all the messages of the user, which raises security and privacy concerns. He also posted a video showing that it was “possible to choose a security code between 0001 and 9999 and send it to the number of your choice”.
Alderson, who has previously highlighted vulnerabilities in the mobile app of Prime Minister Narendra Modi, believes the app is a copy of an existing messaging app named ‘Bolo’. In his investigation, Alderson found that the app description and the format of the authentication OTP SMS for the Kimbho app were the same as those for Bolo. At the time of writing, the controversial chat app is no longer available to download from the Google Play store but can still be found on the Apple App Store.
The @KimbhoApp is a copy paste of another #application. The description and the screenshots in the app stores are the same. Moreover, the #Kimbho app is making request to bolomessenger[.]com pic.twitter.com/gOKOhash5X
— Elliot Alderson (@fs0c131y) May 31, 2018
The ‘Kimbho’ app has been seen as a ‘swadeshi’ rival to WhatsApp, one of the most popular messaging apps in India with over 200 million users. It offers features similar to WhatsApp's and, yes, it is absolutely free to download. Unfortunately, the app has received many negative reviews, with a number of people reporting problems sending messages to contacts and so on.
Just a day earlier, Patanjali’s spokesperson S K Taijarawala tweeted from his account confirming the launch of the Kimbho messaging app. Interestingly, the Android app was developed by Patanjali Communication, while the iOS app lists Appdios Inc as the developer. Baba Ramdev is yet to speak about the app, though his official Twitter handle has retweeted an article about Kimbho.