Baba Ramdev’s Kimbho Messaging App Disappears From Google Play Store Within 24 Hours Of Its Launch
Baba Ramdev, the infamous yoga guru launched a “swadeshi messaging app”, called Kimbho in India on May 30th. The app was launched as a competition to WhatsApp which is the world’s most used instant messaging app. Kimbho, however, is no longer available for download from either Google Play Store or iOS App Store. While many are bemused by the sudden vanishing, it appears that a recent takedown of the app’s security frailties might be the prime reason behind it.
A few hours after the launch, a Twitter user who goes by the name of Elliot Anderson tweeted a series of flaws that were found in the app. The French security researcher took to Twitter and posted a few screenshots and a video. According to the video, it’s possible to choose a security code between 0001 and 9999 and send it to the number of your choice. He also tweeted that he can access everyone’s messages and that the app is a security disaster.
The @KimbhoApp is a copy paste of another #application. The description and the screenshots in the app stores are the same. Moreover, the #Kimbho app is making request to bolomessenger[.]com pic.twitter.com/gOKOhash5X
— Baptiste Robert (@fs0c131y) May 31, 2018
An even more amusing fact that he discovered is that Kimbho is an identical version of another application. The screenshots and app description of Kimbho is the same as another messaging app called Bolo. To make matters worse for Kimbho, users started receiving OTP messages for Bolo Chat App instead of Kimbho. This proved Anderson’s finding that the app is indeed built on the Bolo app and the Kimbho developers didn’t even fix the OTP SMS format.
Hi @KimbhoApp before trying to compete #WhatsApp, you can try to secure your app. It's possible to choose a security code between 0001 and 9999 and send it to the number of your choice #kimbhoApp pic.twitter.com/YQqK8lfIeI
— Baptiste Robert (@fs0c131y) May 30, 2018
Kimbho, however, has a completely different take on the issue. According to a new tweet, the app has “extremely high traffic,” and that it “will be back shortly.”
https://twitter.com/KimbhoApp/status/1002076004590895106
At the time of its launch, a company spokesperson explained the meaning behind the app’s unusual name. Kimbho is a Sanskrit word and according to Patanjali’s spokesperson SK Tijarawala, it means “How are you?” or “What’s new?” The app has, or rather had, all the features you’d want in a messaging app. Users could send text, video, images, GIFs, stickers, doodles and more. According to the app’s description, users can block unwanted conversations or users and is encrypted by AES for security.
It appears that the people over at Kimbho realised that its security shortcomings have been exposed. Taking down the app means it’s been worked upon and it might be released in the future with better security.