Koo denies claims after cyber expert Elliot Alderson says app is leaking users’ personal data


Amid the ongoing free speech debate between Twitter and the Indian government, a made-in-India app called Koo has been gaining popularity – especially among Union ministers and the government departments. On Wednesday, the microblogging platform, Koo, crossed the three million users mark. However, in middle of the surging migration to the app, French cyber expert, Elliot Alderson, has reportedly found that the app has been leaking its users’ personal data, including email, birth date, name, marital status, and gender.

Alderson shared another screenshot which shows that the Koo app is registered in China and is based out of the United States.

Meanwhile, dismissing the rumours, Aprameya Radhakrishna, the co-founder of Koo

, put out a tweet saying that the “data visible is something that the user has voluntarily shown on their profile of Koo. It cannot be termed a data leak.” However, Alderson responded to the tweet saying Aprameya’s claims were false.

As per Koo‘s Terms of Services, which were updated on 1 January, 2021, users give the platform a license to maintain, delete or destroy all information and content uploaded to the platform. However, the terms also clarify that the company will not share personally identifiable information without users’ prior permission.

An excerpt from the Terms of Service reads:

“We reserve the right to maintain, delete or destroy all information, Content and materials posted or uploaded through the Service(s) pursuant to our internal record retention and/or destruction policies, upon reasonable notice provided to the you. We (may/may not) make use of third party cloud services provider or our own service infrastructure for hosting the servers and databases. While we make commercially reasonable efforts to ensure that the data stored on our servers is persistent and always available to the User, we will not be responsible in the event of failure of the third-party servers or any other factors outside our reasonable control, that may cause the User data to be permanently deleted, irretrievable, or temporarily inaccessible”.


(Also read: Twitter is welcome to do business in India, but it must respect Indian laws: MeitY)

Aprameya shared another tweet recently saying that Koo is made in India and its servers are also based in India.

Amid the questions about the app’s “Indian-ness”, a CNBC TV18 report claims that Koo has a Chinese investor Shunwei Capital on board who is on its way out. “Shunwei Capital is a very small stakeholder in the company right now which will get bought out. They are in the process of exiting,” Aprameya Radhakrishna said.

(Also Read: Full text: Twitter responds to Indian government’s order to ban 1,178 accounts, underlines free expression)

Separately, the Koo co-founder recently also tweeted that since the issue was flagged, email logins on the platform have now been disabled.

We have reached out to Koo to learn more about the alleged data leak, and to understand, if true, how many users may have been affected.

(Also Read: India-made Koo sees surge in users amid Centre’s row with Twitter: A look at platform espoused by key Union ministers)