Hi #Aadhaar! Can we talk about the #BenefitsOfAadhaar for the #India population?
I quickly checked your #android app on the #playstore and you have some security issues... It's super easy to get the password of the local database, for example...
http://play.google.com/store/apps/details?id=in.gov.uidai.mAadhaarPlus
Woohoo! Sounds like a lot of people are interested in #Aadhaar. I know what I will do during my flight now.
A lot of people are asking me how bad the generation of the local database password in the #Aadhaar #android #app is. I published a small POC here: https://github.com/fs0c131y/AadhaarDatabasePasswordPOC. If you start the application multiple times you will see that the generated password is always the same.
Storing data in a local database is a common practice in the #Android world. In the #Aadhaar #android app they store:
- user password data (hash)
- notification
- Ki value
- EKYC Profile Data
- Biometric Prefs
- Bio Lock Timeout
- App Configuration
According to the official documentation, https://aadhaarapi.com/aadhaar-response-format/, EKYC Profile Data contains the following data:
- User_Id
- Aadhar_Id
- Name
- Dob
- Gender
- Address
- Photo
- ...
So @UIDAI, you are storing biometric data in the local database: the photo of the user.
Careful with India... a journalist is facing a lawsuit for exposing a breach in the system: https://www.washingtonpost.com/news/worldviews/wp/2018/01/08/an-indian-journalist-exposed-a-huge-breach-in-a-government-database-now-shes-facing-a-police-complaint/
Yep I saw that...
A woman with so many resources, I'm sure she has some plan for this kind of thing.... but still, it's a shame some countries react like this.
They included a UAT env. URL there; pretty sure some logins related to it will be there. Or at least a proxy which will connect the client (app) to it. Not a rev. eng. guy, but this may happen, after all it's INDIAN GOVT DEVELOPERS.
Imagining what kind of project managers and tech leads were recruited. Untested, glitchy apps with very low security. Even the Aadhaar website does not pass basic testing for kid-level stuff like entering data in input fields. Even for low-end tech jobs, such coders are rejected.
I'm a VIDEO GAME developer and even I know my build.gradle better than this...
URL in the first 2 lines sounds like maadar, enough to scare hackers.