Skip to main content

Attack of the Clones (Part 1): Drishti and vMeet


Background: India recently banned certain Chinese Apps from being used and also with that launched a campaign of being vocal for local. Essentially promoting industries and app developers alike to encourage building and using homegrown solutions. And along with that came a plethora of apps replicating different features of popular Chinese + non-chinese but popular apps trying to capitalize on the national sentiment of vocal for local.

In this series, I will try to look into a few of recently launched apps which I will call "clones" functionality wise. And also look at some of their claims where, in my opinion, they peek into the grey area too much. This is purely for archival purposes so that I can catalog my own findings and direct others here from social media debates.

Part 1

Drishti

In short, this is a Zoom rival with a very similar UI and feature set (exactly like JioMeet which we will cover in a future post). The developer claims 
"Dristi is a video-conferencing application. Which completely made in India. I have used encrypted technology . So , Your data is total secure. Not only that , I have added an extra layer of security. None can save and snapshot and record screen.
No third party login activity can access your meeting until you reveal your meeting code.
You can lock your meeting room by password also."
To assert what the application actually does and if the claims in news and play store are correct we are going to take a peek inside the app. We will go with the 1.0.5 version of the app which is the latest version available at the time of writing this blog and Play Store tells me it's last updated on 18th July 2020.

Backend:

The app utilizes public jitsi servers as it's backend. It uses a public jitsi server to establish your calls.

The application:

If we delve a little deep into the app. We start finding a reference to another app called "meet" in the source code. Including icons of the app in resources folder.
The code references are available in the following files among a lot others

Upon searching for it, we can see that an app with the exact name exists in Codecanyon which anyone can buy

This app has exactly same UI design as Drishti apart from the color scheme and logo. However you will see they also provide rebranding service for a $100 fee, if you want.

Going back to Drishti we can see it still has old icons and assets inside the apk 

With this we can safely assume that Drishti is actually vMeet. And the developer probably just bought the license to use the app and reskinned it to release in playstore.

Privacy Concerns

Once we have established that Drishti is actually just vMeet. Lets see what vMeet offers a developer, to glean what kind of data Drishti exposes as well.
If you goto the codecanyon listing of vMeet, you will realize they also allow a developer to have a web Dashboard to monitor users of the app. A demo dashboard gives us a glimpse of what Drishti's Developer has access to.

So essentially a Drishti's Developer probably has access to:
  • Names of User
  • Their meeting history along with the duration
  • Meeting Statistics
  • Ability to deactivate or activate any user profile
  • Send mass notification
And might have potential access to their emails as well. I could not confirm this just from the demo dashboard.

Recommendation:

It is sufficiently clear that Drishti is just a reskinned vMeet. According to the license agreement of vMeet, it is not illegal to buy it, reskin it and publish it. So it's not breaking any law. Claiming it to be made by someone else, completely secure and made in India are the claims we found we cannot agree with. And vMeet itself seemed like a client of Jitsi meet with the purpose of being a clone to Zoom.

Our recommendation is if you need a separate solution other than zoom, you might want to consider Jitsi Meet which has a separate app in Play Store. Which also is  open source and is the underlying server technology Drishti uses anyway.

endnote: You might have noticed JioMeet uses exactly same  UI as vMeet and Zoom. However, the codebase behind Jiomeet and vMeet is not same. It does have some interesting other caveats too which we will discuss in another blog post.

Comments

Post a Comment

Popular posts from this blog

FirefoxOS, A keyboard and prediction: Story of my first contribution

Returning to my cubical holding a hot cup of coffee and with a head loaded with frustration and panic over a system codebase that I managed to break with no sufficient time to fix it before the next morning.  This was at IBM, New York where I was interning and working on the TJ Watson project. I returned back to my desk, turned on my dual monitors, started reading some blogs and engaging on Mozilla IRC (a new found and pretty short lived hobby). Just a few days before that, FirefoxOS was launched in India in the form of an Intex phone with a $35 price tag. It was making waves all around, because of its hefty price and poor performance . The OS struggle was showing up in the super low cost hardware. I was personally furious about some of the shortcomings, primarily the keyboard which at that time didn’t support prediction in any language other than English and also did not learn new words. Coincidentally, I came upon Dietrich Ayala in the FirefoxOS IRC channel, who...
Read more

April Fool and Google Part 2: A Round Up of ALL of Google’s April Fools Jokes

Ok....this post I think will contain all of the pranks I could find  for today. After my last post here http://rkrants.blogspot.com/2012/04/april-fool-and-google-my-favorite.html Last Time I reported Only a handful of the pranks.. Understandable, as it was only the morning. After that I stumbled upon more of them Which I am gonna round up here. Now staring with the list. The very first one is obviously our favourite Google Maps Quest The above is their official video. In a post in Google Plus they say about it as follows  Today  + Google Maps  announced Google Maps 8-bit for NES. With #8bitmaps , you can do everything you'd normally do in Maps—search for famous landmarks and sites around the world, get directions and even use Street View. Just in time for April Fool's Day, Google has introduced Google Maps Quest, a retro 8-bit version of its mapping tool that is... totally awesome. In a characteristically whimsical video, availabl...
Post a Comment
Read more

Curious case of Cisco AnyConnect and WSL2

One thing Covid has taught me is the importance of VPN. Also one other thing COVID has taught me while I work from home  is that your Windows Machine can be brilliant  as long as you have WSL2 configured in it. So imagine my dismay when I realized I cannot access my University resources while being inside the University provided VPN client. Both of the institutions I have affiliation with, requires me to use VPN software which messes up WSL2 configuration (which of course I realized at 1:30 AM). Don't get me wrong, I have faced this multiple times last two years (when I was stuck in India), and mostly I have been lazy and bypassed the actual problem by side-stepping with my not-so-noble  alternatives, which mostly include one of the following: Connect to a physical machine exposed to the internet and do an ssh tunnel from there (not so reliable since this is my actual box sitting at lab desk, also not secure enough) Create a poor man's socks proxy in that same box to have...
Post a Comment
Read more