A year ago we had posted about how reliance jio was sharing user location data with china
One year on and nothing has changed!!!
In this post we will expose how the reliance jio is sharing all your call data with foreign company and share with you the steps to test it your self
For the proof video see the link below
Steps to recreate
1. Download an install burp suite (free edition) from - https://portswigger.net/burp/download.html
2. Configure your android device to send the traffic via burp suite -https://support.portswigger.net/customer/portal/articles/1841101-configuring-an-android-device-to-work-with-burp
3. Download my jio app and jio dialer application from google play store
4. Start capturing and keep intercept off
5. Goto my jio app and let it update
6. Goto home and use native dialer to make calls
7. Calling data is sent on random interval to app.cobal.mad-me.com from mobile, for fast result close all apps and open native dialer again
8. You will get the packet being sent in proxy history
From the above it is clear that jio app is using third party SDK and not verifying what data the SDK is collecting and where it is sending… this violates the user privacy.
Credits :
0 comments:
Post a Comment