Skip to main content

Attack of the Clones (Part 1): Drishti and vMeet


Background: India recently banned certain Chinese Apps from being used and also with that launched a campaign of being vocal for local. Essentially promoting industries and app developers alike to encourage building and using homegrown solutions. And along with that came a plethora of apps replicating different features of popular Chinese + non-chinese but popular apps trying to capitalize on the national sentiment of vocal for local.

In this series, I will try to look into a few of recently launched apps which I will call "clones" functionality wise. And also look at some of their claims where, in my opinion, they peek into the grey area too much. This is purely for archival purposes so that I can catalog my own findings and direct others here from social media debates.

Part 1

Drishti

In short, this is a Zoom rival with a very similar UI and feature set (exactly like JioMeet which we will cover in a future post). The developer claims 
"Dristi is a video-conferencing application. Which completely made in India. I have used encrypted technology . So , Your data is total secure. Not only that , I have added an extra layer of security. None can save and snapshot and record screen.
No third party login activity can access your meeting until you reveal your meeting code.
You can lock your meeting room by password also."
To assert what the application actually does and if the claims in news and play store are correct we are going to take a peek inside the app. We will go with the 1.0.5 version of the app which is the latest version available at the time of writing this blog and Play Store tells me it's last updated on 18th July 2020.

Backend:

The app utilizes public jitsi servers as it's backend. It uses a public jitsi server to establish your calls.

The application:

If we delve a little deep into the app. We start finding a reference to another app called "meet" in the source code. Including icons of the app in resources folder.
The code references are available in the following files among a lot others

Upon searching for it, we can see that an app with the exact name exists in Codecanyon which anyone can buy

This app has exactly same UI design as Drishti apart from the color scheme and logo. However you will see they also provide rebranding service for a $100 fee, if you want.

Going back to Drishti we can see it still has old icons and assets inside the apk 

With this we can safely assume that Drishti is actually vMeet. And the developer probably just bought the license to use the app and reskinned it to release in playstore.

Privacy Concerns

Once we have established that Drishti is actually just vMeet. Lets see what vMeet offers a developer, to glean what kind of data Drishti exposes as well.
If you goto the codecanyon listing of vMeet, you will realize they also allow a developer to have a web Dashboard to monitor users of the app. A demo dashboard gives us a glimpse of what Drishti's Developer has access to.

So essentially a Drishti's Developer probably has access to:
  • Names of User
  • Their meeting history along with the duration
  • Meeting Statistics
  • Ability to deactivate or activate any user profile
  • Send mass notification
And might have potential access to their emails as well. I could not confirm this just from the demo dashboard.

Recommendation:

It is sufficiently clear that Drishti is just a reskinned vMeet. According to the license agreement of vMeet, it is not illegal to buy it, reskin it and publish it. So it's not breaking any law. Claiming it to be made by someone else, completely secure and made in India are the claims we found we cannot agree with. And vMeet itself seemed like a client of Jitsi meet with the purpose of being a clone to Zoom.

Our recommendation is if you need a separate solution other than zoom, you might want to consider Jitsi Meet which has a separate app in Play Store. Which also is  open source and is the underlying server technology Drishti uses anyway.

endnote: You might have noticed JioMeet uses exactly same  UI as vMeet and Zoom. However, the codebase behind Jiomeet and vMeet is not same. It does have some interesting other caveats too which we will discuss in another blog post.

Comments

Popular posts from this blog

ARCore and Arkit, What is under the hood: SLAM (Part 2)

In our last blog post ( part 1 ), we took a look at how algorithms detect keypoints in camera images. These form the basis of our world tracking and environment recognition. But for Mixed Reality, that alone is not enough. We have to be able to calculate the 3d position in the real world. It is often calculated by the spatial distance between itself and multiple keypoints. This is often called Simultaneous Localization and Mapping (SLAM). And this is what is responsible for all the world tracking we see in ARCore/ARKit. What we will cover today: How ARCore and ARKit does it's SLAM/Visual Inertia Odometry Can we D.I.Y our own SLAM with reasonable accuracy to understand the process better Sensing the world: as a computer When we start any augmented reality application in mobile or elsewhere, the first thing it tries to do is to detect a plane. When you first start any MR app in ARKit, ARCore, the system doesn't know anything about the surroundings. It starts pro

ARCore and Arkit: What is under the hood : Anchors and World Mapping (Part 1)

Reading Time: 7 MIn Some of you know I have been recently experimenting a bit more with WebXR than a WebVR and when we talk about mobile Mixed Reality, ARkit and ARCore is something which plays a pivotal role to map and understand the environment inside our applications. I am planning to write a series of blog posts on how you can start developing WebXR applications now and play with them starting with the basics and then going on to using different features of it. But before that, I planned to pen down this series of how actually the "world mapping" works in arcore and arkit. So that we have a better understanding of the Mixed Reality capabilities of the devices we will be working with. Mapping: feature detection and anchors Creating apps that work seamlessly with arcore/kit requires a little bit of knowledge about the algorithms that work in the back and that involves knowing about Anchors. What are anchors: Anchors are your virtual markers in the real wo

IRCTC blocking certain countries?

Indian Railway Catering and Tourism Corporation or most commonly known as IRCTC is the only authorized government portal in India through which someone can book a Train Ticket. It also provides booking for flights and buses but its primary use for most people is to book rail tickets online. And like thousands of other people I also use the site intermittently while booking train tickets, especially for my parents who are in India and when I want to book tickets for them. A few days back they asked me to book a ticket for them and that is when the fun started. I found out that when I tried to access the website day before yesterday (4th July 2018), instead of the familiar login page I was greeted with an error that page cannot be loaded. I thought maybe something wrong and I would try later. After a day I tried and faced the same error. Now a little bit curious since I actually never seen the site down for a prolonged time, blamed it on my Comcast connection and connecte