Late in May, Patanjali came up with a 'Made in India' chat app called Kimbho to challenge WhatsApp. But the app was taken down official in less than 24 hours as the security experts claimed it a disaster. The developers of the app accepted security flaws and the company Patanjali assured to relaunch the app after fixing the flaws.
Now, a new app called Bolo Messenger has been released and is available on Google Play Store. This app is claimed to be the relaunched Kimbho app as its icon is none other the one used by Kimbho. Also, the email ID and address of the developer Aditi Kamal are mentioned on the Google Play listing of this app.
What's more interesting is that the Bolo Messenger's official website touts is to be a swadeshi app. The app claims to provide end-to-end encryption with AES (Advanced Encryption Standard). It also says that the sent messages can be auto-deleted.
Bolo Messenger isn't the new Kimbho app
Regarding the Bolo Messenger app, SK Tijarawala, the spokesperson of Patanjali took to Twitter that it isn't the updated Kimbho app. He added that the Kimbho app is under development and will be launched soon. The app will be released with new features to revolutionize messaging, he tweeted.
Moreover, the users who have received with Kimbho have also got an SMS from the Kimbho team that the app will soon be available on Google Play Store and App Store. It stated that there are companies using Patanjali's name to promote their fake apps.
Security flaws of Bolo Messenger
The developer of Bolo Messenger app challenged the security researcher Elliot Alderson on Twitter. Within a few hours, the security researchers found major flaws in the app. It was found that the app could let you see someone's online status even if the contact is not saved.
Also, the critical information is stored in clear text in a shared preferences file. This file has the token used to make all requests to the server. It doesn't require a root to access this file. The default settings haven't been changed and this lets hackers to backup the data of the app once this file is accessed, the security researchers added.