Patanjali has taken down its much-publicised messaging app, Kimbho, from Google Play after cyber security experts termed it a ‘security disaster’ highlighting how users’ messages could be breached without much trouble.
Patanjali on Wednesday launched a new ‘desi’ messaging application while claiming to give stiff challenge to WhatsApp. Patanjali’s spokesperson SK Tijarawala even took to Twitter to announce that now ‘WhatsApp will be given a competition.’ His tweet read, ” Now Bharat will speak. After launching sim cards, baba Ramdev has launched a new messaging application called Kimbho. Now WhatsApp will be given a competition. Our own #SwadeshiMessagingplatform. Download it directly from Google Play store.”
अब भारत बोलेगा.!
सिम कार्ड के बाद बाबा रामदेव ने लॉन्च किया मैसेजिंग ऐप KIMBHO, व्हाट्सऐप को मिलेगी टक्कर..
अपना #स्वदेशी मैसेजिंग प्लेटफार्म। गूगल प्ले स्टोर से सीधे डाउनलोड करें।@yogrishiramdev@Ach_Balkrishna@bst_official @ANI@ani_digital@PTI_Newshttps://t.co/IxTGyLhMbq— tijarawala sk (@tijarawala) May 30, 2018
But French cyber security expert Elliot Alderson posted a short video on Twitter claiming how he could access users’ messages without much trouble. He asked people to not install the app. In a series of tweets, Alderson wrote, “This @KimbhoApp is a joke, next time before making press statements, hire competent developers… If it is not clear, for the moment don’t install this app. #Kimbho #KimbhoApp.
His next tweet said, “This @KimbhoApp is a joke, next time before making press statements, hire competent developers… If it is not clear, for the moment don’t install this app. #Kimbho #KimbhoApp.” He then called it a day by calling Kimbho a security disaster. “Ok, I will stop here. The #Kimbho #android #app is a security disaster. I can access the messages of all the users…”
Hi @KimbhoApp before trying to compete #WhatsApp, you can try to secure your app. It’s possible to choose a security code between 0001 and 9999 and send it to the number of your choice #kimbhoApp pic.twitter.com/YQqK8lfIeI
— Elliot Alderson (@fs0c131y) May 30, 2018
This @KimbhoApp is a joke, next time before making press statements, hire competent developers… If it is not clear, for the moment don’t install this app. #Kimbho #KimbhoApp pic.twitter.com/wLWzO6lhSR
— Elliot Alderson (@fs0c131y) May 30, 2018
Ok, I will stop here. The #Kimbho #android #app is a security disaster. I can access the messages of all the users…?♂️
— Elliot Alderson (@fs0c131y) May 30, 2018
On Thursday, Alderson returned to further claim that Kimbho was essentially a copy of another application. He wrote, “The @KimbhoApp is a copy paste of another #application. The description and the screenshots in the app stores are the same. Moreover, the #Kimbho app is making request to bolomessenger[.]com.”
The @KimbhoApp is a copy paste of another #application. The description and the screenshots in the app stores are the same. Moreover, the #Kimbho app is making request to bolomessenger[.]com pic.twitter.com/gOKOhash5X
— Elliot Alderson (@fs0c131y) May 31, 2018
Another user Abhishek Singh said that Kimbho was copy of another application ‘Bolo’ as he posted screenshots highlighting the striking similarities in OTP SMS format. He wrote, “It is build on an app called “BOLO”. Kimbho team is so dumb that they didnt even changed the OTP SMS format!! Even the description n pics used are same as Bolo app!”
It is build on an app called “BOLO”. Kimbho team is so dumb that they didnt even changed the OTP SMS format!! Even the description n pics used are same as Bolo app! ? https://t.co/QKGjYC1y2J pic.twitter.com/40yRxZKbLX
— Abhishek Singh (@ThakurrSaab) May 31, 2018
Interestingly, Patanjali Communications had claimed in its Kimbho’s privacy feature that it saved no data of users on their servers or cloud.