Using UMANG app? Your data might be exposed to hackers, tips to stay safe

HIGHLIGHTS

Security flaws found in the UMANG app may have exposed user data.

The government is fixing the issues and monitoring the platform.

Users should check their account details for any unusual changes.

The personal data of millions of Indians who use the UMANG app is at risk. Security researchers have recently pointed out critical flaws in the UMANG app that could have allowed sensitive personal information from several government services to be exposed. The issues were discovered in multiple modules of the platform, which brings together thousands of central and state government services in one app. The researchers said the problems were linked to the way the platform was built and may have existed for years. The government have also acknowledged the findings and stated that they are already working on a fix for the vulnerabilities while continuing to monitor the platform for any unusual activity.

Issue with the UMANG app

Security researchers Akshay C.S. and Viral Vaghela said they found security weaknesses in several UMANG services. They said these issues could expose EPFO Universal Account Numbers (UANs), LPG booking details from at least one major oil company, and Aadhaar numbers that were stored as plain text in some services. However, they clarified that the Aadhaar module itself was not affected.

The researchers pointed out that the main problem is not with any one service but rather seeded deep within the way the UMANG app was designed. They also said that they have shared their findings with CERT-In and the Ministry of Electronics and Information Technology (MeitY).

Also read: Samsung, Apple gain ground as global smartphone shipments decline amid memory shortage: Report

What did the government say?

The Ministry of Electronics and Information Technology (MeitY) confirmed that it reviewed the findings and acknowledged the issues with the UMANG app. Moreover, they also added that the development and security teams are already implementing corrective and preventive measures to keep the data of the users secured.

The ministry said that the plain text data in the affected APIs have now been encrypted, and they have also checked the API activity logs from the last three months. They further stated that the number of transactions stayed normal and the concerned authorities are actively monitoring the platform for any unusual activity.

Also read: Apple iPhone 18 Pro Max and iPhone 18 Pro may launch soon: India price, camera, display and all other leaks

How to check if your data is safe

Follow the easy steps below to check if your UMANG data is safe:

  • Log in to your UMANG account and review your saved profile details.
  • Check if your EPFO account has a change that you didn’t make or authorise.
  • Verify that there is no change in your registered mobile number or bank account.
  • Look for any unusual activity in your LPG booking history and other linked services.
Bhaskar Sharma

Bhaskar is a Senior Copy Editor at Digit India who keeps a close watch on everything shaping the world of technology from smartphones and home appliances to AI, government tech initiatives, digital safety, and the latest industry developments. Whether it's breaking news, in-depth features, hands-on reviews, practical how-to guides, or exclusive scoops, he translates complex tech into stories that are easy to understand and worth reading. His work has been featured in iGeeksBlog, GuidingTech, and other leading publications. Before joining Digit India, he served as an assistant editor at TechBloat. A B.Tech graduate and full-time tech journalist, he is driven by just one goal, which is to help readers stay informed, stay secure, and stay ahead in an ever-changing digital world.

Connect On :