Patanjali's Kimbho app removed from Play Stores: Was it a trial or a security disaster?

Earlier this week, Yoga Guru Baba Ramdev-led Patanjali removed its Indian version of WhasApp - Kimbho - from Android's Play Store and iOS' App Store. Patanjali claimed that the instant messaging app was released for one-day trial and would be back on app stores officially very soon after technical development phase was over.

But, if you still see any Kimbho app on stores, those are the fake ones, according to Patanjali spokesperson S K Tijarawala.

After pulling out Kimbho from play stores, Patanjali spokesperson said: "We put our trial version of Kimbho app on Google Play Store and Apple Store for trial for a day only and we had witnessed around 1.5 lakh downloads in the first three hours. We thank the people for such encouraging response." He further said that the trial version of Kimbho app is no longer available for download on any platform. "We don't take any responsibility for many duplicate apps showing on anywhere,"  S K Tijarawala added.

While Patanjali claims that it was a day-long trial, experts believe that it was the security threat that prompted the company to pull down Kimbho. A French security researcher, who tweets under pseudonym Elliot Alderson, said that "when you make a press release and launch your app publicly, it's call an official launch. This is not how trial is done".

Interestingly, the removal of Kimbho from stores had come soon after Elliot had called the messaging app a 'security disaster'.

Ok, I will stop here. The #Kimbho #android #app is a security disaster. I can access the messages of all the users...

- Elliot Alderson (@fs0c131y) May 30, 2018

Immediately after the launch, the French security researcher had claimed that he can access all the messages of users on Kimbho App. He said: "This KimbhoApp is a joke, next time before making press statements, hire competent developers... If it is not clear, for the moment don't install this app."

This @KimbhoApp is a joke, next time before making press statements, hire competent developers... If it is not clear, for the moment don't install this app. #Kimbho #KimbhoApp pic.twitter.com/wLWzO6lhSR

- Elliot Alderson (@fs0c131y) May 30, 2018

Elliot isn't alone in believing that Kimbho was a security failure. Senior Counsel Prashant Mali, who is cyber security and cyber law expert, said that Patanjali's IT Team did the same thing as BHIM App. "No or little testing was done and such incidents expose huge data of Indian citizens to risk... such incident gives bad name to Make in India...Ramdev's team should understand Make in India means not make only the label in India but the product too and cyber safe one," Mali said.

 

Here are some of the features of Kimbho, as Patanjali claims

• Kimbho is being promoted as a swadeshi messaging platform that will compete with Facebook's messaging app WhatsApp.
• Kimbho has dozens of features to share Text, Audio, Photos, Videos, Stickers, Quickies, Location, GIF, Doodle and more.
• Kimbho claims that the messages are end-to-end encrypted by AES and no data is saved on their servers or cloud.
• Kimbho allows different themes within the application. The user can pick their favourite wallpaper and "get fresh experience every time."

Earlier this week, Patanjali formed an alliance with state run BSNL to offer co-branded - Swadeshi Samriddhi SIM cards to its employees.          

(With inputs from PTI)