Abhinav Srivastava, a 31-year old software engineer working with ride-hailing start-up Ola, has been arrested by the central crime branch (CCB) police for building a mobile application that illegally accessed data on the Unique Identification Authority of India (UIDAI) servers.
The arrest was made after UIDAI Deputy Director Ashok Lenin filed a case against Srivastava and Qarth Technologies, a company he founded and sold to Ola in March last year, with the Bengaluru Police. The case was then transferred to the cyber crime division, which is now carrying out the investigation.
“Further investigations will answer all our questions. These things take a lot of time to analyse and understand. The app has been downloaded 50,000 times, but the number of people who have used that app to verify their Aadhaar we will find out in due time,” said a police official, who did not want to be named.
Srivastava is charged with building an Aadhaar e-KYC application that was available for download on the Google PlayStore, which illegally accessed UIDAI data through the eHospital application and its server, the police stated.
It isn’t clear at this moment if Aadhaar user data was stored, but the app essentially allowed users to do verification using Aadhaar without biometric or OTP authentication. Lenin had said that the hack was active from January 1 and went undetected until July 26, after which he filed the case with the Bengaluru police.
“He had deep interest in developing Android mobile application software and till now he has developed five mobile applications. He developed the Aadhaar e-KYC verification mobile application in January 2017 and has earned about Rs 40,000 from advertisements,” the police said.
Srivastava was arrested on August 1 and is still in police custody pending further investigation.