Anonymous alleges Reliance Jio shares user call data to foreign ad networks, Jio refutes claims
Hacktivist group Anonymous has accused Reliance Jio of using two apps for sharing user call information to ad networks abroad. Anonymous claims that MyJio and JioDialer (now rebranded Jio4GVoice) are sending user information to an ad network called Mad-Me. Now, according to hacktivist group Anonymous, Reliance Jio is sending user call data to ad networks in Singapore and the US, and making money from the same.
To support its allegations, hacker group has shared a video to point out how VoLTE call related information is being routed to servers based in Singapore and USA. They have shared a screenshot of the same for reader’s reference, and detailed a step by step process using which users can verify the breach of user privacy.
Step One: Install free edition of burp suite from here.
Step Two: Configure your Android smartphone to send traffic via burp suite. You can find the information on this page.
Step Three: Download MyJio and Jio4GVoice apps from the Play Store.
Step Four: Open the MyJio app and let it update. Use the native dialer to make outgoing call and end it. Close all apps and open the native dialer again.
Now, in burp, (under proxy and HTTP history) you will see calling data being sent to app.cobal.mad-me.com. This is despite using native dialer, and not Jio4GVoice dialer. From this, it is clear that Reliance Jio is using a third party SDK without verifying what data it is collecting, or where it is sending, thus breaching user privacy.
In an official response to the publication, a Reliance Jio spokesperson said, “Jio takes its customers’ security and privacy very seriously. In keeping with its highest standards of governance, Jio does not share its customers’ data with any other entity. Any information captured by Jio is only for internal analysis to deliver better quality of service and recommend offerings from Jio’s product portfolio.”