UPDATED: Why you should not use the NIMC app yet

by | Aug 17, 2020

The National Identity Management Commission (NIMC) reportedly has a mobile app that allows registered citizens to generate their National ID card. But our investigation reveals that this might have been used to steal people’s private credentials.

On the surface, it seemed like the Nigerian government wanted to optimise the National Identification card collection process which has dragged for more than a decade.

A tweet that probably drew Nigerians’ attention to the seemingly new development claimed to have gotten it done in a few minutes.

It outlined the processes involved which included a link to download a mobile app. The app, named Mobile Web Service (MWS: NIMC MobileID) supposedly powered by NIMC, was available on Google Playstore and Apple store.

Typically, the information quickly began to get attention on the social media platform, but after the excitement, it began to draw other emotions like frustration and confusion.

There were a series of complaints on Twitter and on the app’s review page on the app store. Most of these complaints were either about getting another person’s information or encryption errors.

As at press time, the app no longer exists on the mobile app stores. While there’s no verified reason behind this move, it confirms a number of suspicions.

Advertisement

If this isn’t a case of NIMC plucking out a faulty system, it could be that the supposed tech team behind the app found a way to cover their tracks.

What is clear, however, is that a lot of data has been exposed to risk. Meanwhile, Techpoint Africa reached out to the Commission for clarification without any response.

What’s it about MWS?

The result of our investigation showed that the app was released on Google Playstore on July 15, 2019. And as of August 15, 2020, there were already more than 10,000 downloads.

We also noticed that app reviews dated back to August 2019 even reflected unresolved issues. Asides this, the most recent update, which probably drew the attention of most Nigerians, took place on July 31, 2020.

On the app’s description, it was stated that another update for version 2.0 — the current version was 1.90 — was set to be released by August 2020. The app claimed that the Federal government of Nigeria will release an official press statement informing citizens of the mobile application after the update.

NIMC MWS

MWS: NIMC MobileID app description

While this came with its own confusion, we scoured the NIMC official website for any hint of this claim but found none. Apparently, the only national ID detail you can get digitally is by dialing a USSD code — *346# — to get National Identification Number (NIN).

Based on reactions on social media, Nigerians were more worried about the faulty app than the credibility or even an important issue like data privacy.

What could have gone wrong and why you should be worried?

Despite the similarity in the web interfaces, we discovered that the MWS: NIMC MobileID website is a subdomain — https://m.nimc.gov.ng/ — of the official website of the NIMC — https://www.nimc.gov.ng/. Asides the concern of whether or not the former is official, there’s no link on the official site redirecting to the MWS website.

NIMC 1

Comparing NIMC official website and MWS MobileID website

Since the NIMC handles large datasets, this could have been a case of information mix up. However, the high number of complaints, even after a supposed second upgrade in July, gives cause for alarm.

How this app was able to get the information of some people right is not clear. Recall that something similar occurred where details of some African tertiary institutions were exposed.

Unscrupulous entities can easily harvest data from one source and upload it on another platform to probably mine for more data.

While data privacy issues might not be taken seriously in African climes on many levels, there are several reasons this should be a cause for worry.

In a previous report, we revealed how Nigeria ranked the second-highest victim of Cybercrime globally in 2020.

Given the government’s silence on this recent event, it is expected that some steps will be taken to salvage what has happened whether or not the Commission has something to do with it.

Meanwhile, as Nigeria works towards achieving a unified database, it should also put data protection plans in place.

Subsequently, we recommend that users should download apps only from trusted developers. Ordinarily, there should be a link to the developer’s website on the app store to do this, but when it is not, check the Internet to verify.

Featured image credit:  Jerry Durojaiye from Twitter


UPDATE [AUGUST 17, 2020]: NIMC released an official press statement. Here’s an excerpt:

Our attention has been drawn to several complaints about the NIMC Mobile App. We will like Nigerians to be aware that the App is a novel innovation by the Commission, but it is yet to be officially approved for public consumption.

The app is still in the test environment and currently being fine-tuned to give users the best experience with adequate privacy and data security safeguards. Once the test stage is concluded, the Commission will issue a formal statement regarding its usage by our esteemed NIN registered persons.

In the same vein, we want to assure Nigerians of the security of their data. The data is securely encrypted both in transit and at rest.

Looking to transition into tech? Learn how to code in 1 year with AltSchool Africa. Earn a diploma in software engineering at $0. Apply Here.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

Betting $165 million on Africa’s B2B eCommerce in 2021

Betting $165 million on Africa’s B2B eCommerce in 2021

While Africa’s eCommerce struggles frequently make the news, investors have bet a combined $165 million on a growing class of startups in 2021. Today on #TechpointDigest, @eruskkii discusses the rise of B2B marketplaces in Africa.

Subscribe to Techpoint Digest!

A daily 5-minute roundup of happenings in African and global tech, sent directly to your email inbox, between 5 a.m. and 7 a.m (WAT) every week day!

Please check your email to confirm your subscription.

Subscribe to Crypto Explorer

A monthly series featuring in-depth analysis on the cryptocurrency sector in Africa

Please check your email to confirm your subscription.

Subscribe to The Experts

A bi-weekly where tech career specialists take us on their journey from newbie to expert, and how they became successful in the industry.

Please check your email to confirm your subscription.

Subscribe to Founder's Table

A monthly series, where we catch up with founders in the startup ecosystem, learn about their failures, successes and a few tricks of the trade

Please check your email to confirm your subscription.

Copy link
Powered by Social Snap