Following reports that the Narendra Modi app was sending user data to third-party domains belonging to a app marketing company CleverTap, the BJP’s IT cell denied the allegations, saying that the data was being used to offer users contextual content to enhance their experience of the app.

Now, the the ruling party is going one step further, and accusing the Congress of sharing user data with “practically anyone”.

A tweet posted by BJP’s Amit Malviya last evening quotes a disclosure on the official INC website, and ridicules the party for sharing data with “undisclosed vendors, unknown volunteers, even groups with similar causes”. As can be seen from the embedded tweet below, Malviya goes on to accuse the Congress of outright data theft, saying that the party has “never been discreet” about stealing user data.

Congress, however, has denied the allegations, saying that it doesn’t collect any personal data through the INC app. According to a tweet from the party’s social media spokesperson Divya Spandana (aka Ramya), the company discontinued the app a long time ago. She went on to say that the party only collects data through its website, and that too, only for membership purposes.

It all started Saturday night when Rahul Gandhi seemingly mocked the PM for the NaMo app’s apparent lackadaisical attitude towards data privacy.

Gandhi’s tweet was based on media reports that cited tweets by famed cyber-security expert Elliot Alderson, who claimed Friday that the Narendra Modi app was sending personal user data to a US domain that’s classified as a phishing link by cyber-security firm G-Data.

While the privacy policy of the NaMo app has been updated after the issue came to light, NDTV claims that until Sunday, the privacy policy on the official Narendra Modi website read, “Your personal information and contact details shall remain confidential and shall not be used for any purpose other than our communication with you. The information shall not be provided to third parties in any manner whatsoever without your consent”.

The updated version, however, says that the “information may be processed by third party services to offer you a better experience as stated above: name, email, mobile phone number, device information, location and network carrier”.

Alderson also looked in to the Congress app on Android and found some glaring security holes in it as well. He also discovered that the app is sending data to servers located in Singapore.

Ominously, INC seems to have taken down the app after these discoveries.

The mud-slinging and allegations are not likely to stop in the coming days as more and more people become aware about the data collection practices employed by official political apps of India. We will be bringing you all the fallout from this controversial issue as it unfolds.