Skip to main content

Attack of the Clones (Part 1): Drishti and vMeet


Background: India recently banned certain Chinese Apps from being used and also with that launched a campaign of being vocal for local. Essentially promoting industries and app developers alike to encourage building and using homegrown solutions. And along with that came a plethora of apps replicating different features of popular Chinese + non-chinese but popular apps trying to capitalize on the national sentiment of vocal for local.

In this series, I will try to look into a few of recently launched apps which I will call "clones" functionality wise. And also look at some of their claims where, in my opinion, they peek into the grey area too much. This is purely for archival purposes so that I can catalog my own findings and direct others here from social media debates.

Part 1

Drishti

In short, this is a Zoom rival with a very similar UI and feature set (exactly like JioMeet which we will cover in a future post). The developer claims 
"Dristi is a video-conferencing application. Which completely made in India. I have used encrypted technology . So , Your data is total secure. Not only that , I have added an extra layer of security. None can save and snapshot and record screen.
No third party login activity can access your meeting until you reveal your meeting code.
You can lock your meeting room by password also."
To assert what the application actually does and if the claims in news and play store are correct we are going to take a peek inside the app. We will go with the 1.0.5 version of the app which is the latest version available at the time of writing this blog and Play Store tells me it's last updated on 18th July 2020.

Backend:

The app utilizes public jitsi servers as it's backend. It uses a public jitsi server to establish your calls.

The application:

If we delve a little deep into the app. We start finding a reference to another app called "meet" in the source code. Including icons of the app in resources folder.
The code references are available in the following files among a lot others

Upon searching for it, we can see that an app with the exact name exists in Codecanyon which anyone can buy

This app has exactly same UI design as Drishti apart from the color scheme and logo. However you will see they also provide rebranding service for a $100 fee, if you want.

Going back to Drishti we can see it still has old icons and assets inside the apk 

With this we can safely assume that Drishti is actually vMeet. And the developer probably just bought the license to use the app and reskinned it to release in playstore.

Privacy Concerns

Once we have established that Drishti is actually just vMeet. Lets see what vMeet offers a developer, to glean what kind of data Drishti exposes as well.
If you goto the codecanyon listing of vMeet, you will realize they also allow a developer to have a web Dashboard to monitor users of the app. A demo dashboard gives us a glimpse of what Drishti's Developer has access to.

So essentially a Drishti's Developer probably has access to:
  • Names of User
  • Their meeting history along with the duration
  • Meeting Statistics
  • Ability to deactivate or activate any user profile
  • Send mass notification
And might have potential access to their emails as well. I could not confirm this just from the demo dashboard.

Recommendation:

It is sufficiently clear that Drishti is just a reskinned vMeet. According to the license agreement of vMeet, it is not illegal to buy it, reskin it and publish it. So it's not breaking any law. Claiming it to be made by someone else, completely secure and made in India are the claims we found we cannot agree with. And vMeet itself seemed like a client of Jitsi meet with the purpose of being a clone to Zoom.

Our recommendation is if you need a separate solution other than zoom, you might want to consider Jitsi Meet which has a separate app in Play Store. Which also is  open source and is the underlying server technology Drishti uses anyway.

endnote: You might have noticed JioMeet uses exactly same  UI as vMeet and Zoom. However, the codebase behind Jiomeet and vMeet is not same. It does have some interesting other caveats too which we will discuss in another blog post.

Comments

Post a Comment

Popular posts from this blog

Curious case of Cisco AnyConnect and WSL2

One thing Covid has taught me is the importance of VPN. Also one other thing COVID has taught me while I work from home  is that your Windows Machine can be brilliant  as long as you have WSL2 configured in it. So imagine my dismay when I realized I cannot access my University resources while being inside the University provided VPN client. Both of the institutions I have affiliation with, requires me to use VPN software which messes up WSL2 configuration (which of course I realized at 1:30 AM). Don't get me wrong, I have faced this multiple times last two years (when I was stuck in India), and mostly I have been lazy and bypassed the actual problem by side-stepping with my not-so-noble  alternatives, which mostly include one of the following: Connect to a physical machine exposed to the internet and do an ssh tunnel from there (not so reliable since this is my actual box sitting at lab desk, also not secure enough) Create a poor man's socks proxy in that same box to have...
Post a Comment
Read more

My Google I/O 2024 Adventure: A GDE's Front-Row Seat to the Gemini Era

Hey tech enthusiasts! Rabimba Karanjai here, your friendly neighborhood Google Developer Expert (GDE), back from an exhilarating whirlwind tour of Google I/O 2024. Let me tell you, this wasn't just your average tech conference – it was an AI-infused extravaganza that left me utterly mind-blown! And you know what made it even sweeter? I had front-row seats, baby! Huge shoutout to the GDE program for this incredible opportunity. Feeling grateful and a tad spoiled, I must admit. 😉 Gemini: The AI Marvel That's Stealing the Show Now, let's dive into the star of the show: Gemini . This ain't your grandpa's AI model – it's the multimodal powerhouse that's set to redefine how we interact with technology. Imagine an AI that doesn't just understand text, but images, videos, code, and even your wacky doodles. Yep, that's Gemini for you! Google's been cooking up this AI masterpiece, and boy, did they deliver! The keynote demo had us all gawk...
Post a Comment
Read more

MovieBuff: Dive Deeper into Movies with Generative AI

MovieBuff: Dive Deeper into Movies Before You Watch MovieBuff: Dive Deeper into Movies Before You Watch Have you ever spent two hours watching a movie only to be disappointed? MovieBuff is here to help! This Streamlit application leverages the power of Google's Generative AI, specifically the Gemini-Pro model, to provide you with detailed information about movies and TV series before you invest your precious time. Motivation Choosing a movie can be overwhelming. With countless options available, it's hard to know which ones are worth watching. MovieBuff aims to solve this problem by offering a quick and easy way to explore movies based on your interests. How it Works MovieBuff is incredibly user-friendly. You can either: Enter the movie title and year: Simply type the name of the movie you're interested in, and MovieBuff will fetch relevant information like plot summaries, directors, genres, themes, main conflicts, settings, character descriptions, tr...
Post a Comment
Read more