Skip to main content

Attack of the Clones (Part 1): Drishti and vMeet


Background: India recently banned certain Chinese Apps from being used and also with that launched a campaign of being vocal for local. Essentially promoting industries and app developers alike to encourage building and using homegrown solutions. And along with that came a plethora of apps replicating different features of popular Chinese + non-chinese but popular apps trying to capitalize on the national sentiment of vocal for local.

In this series, I will try to look into a few of recently launched apps which I will call "clones" functionality wise. And also look at some of their claims where, in my opinion, they peek into the grey area too much. This is purely for archival purposes so that I can catalog my own findings and direct others here from social media debates.

Part 1

Drishti

In short, this is a Zoom rival with a very similar UI and feature set (exactly like JioMeet which we will cover in a future post). The developer claims 
"Dristi is a video-conferencing application. Which completely made in India. I have used encrypted technology . So , Your data is total secure. Not only that , I have added an extra layer of security. None can save and snapshot and record screen.
No third party login activity can access your meeting until you reveal your meeting code.
You can lock your meeting room by password also."
To assert what the application actually does and if the claims in news and play store are correct we are going to take a peek inside the app. We will go with the 1.0.5 version of the app which is the latest version available at the time of writing this blog and Play Store tells me it's last updated on 18th July 2020.

Backend:

The app utilizes public jitsi servers as it's backend. It uses a public jitsi server to establish your calls.

The application:

If we delve a little deep into the app. We start finding a reference to another app called "meet" in the source code. Including icons of the app in resources folder.
The code references are available in the following files among a lot others

Upon searching for it, we can see that an app with the exact name exists in Codecanyon which anyone can buy

This app has exactly same UI design as Drishti apart from the color scheme and logo. However you will see they also provide rebranding service for a $100 fee, if you want.

Going back to Drishti we can see it still has old icons and assets inside the apk 

With this we can safely assume that Drishti is actually vMeet. And the developer probably just bought the license to use the app and reskinned it to release in playstore.

Privacy Concerns

Once we have established that Drishti is actually just vMeet. Lets see what vMeet offers a developer, to glean what kind of data Drishti exposes as well.
If you goto the codecanyon listing of vMeet, you will realize they also allow a developer to have a web Dashboard to monitor users of the app. A demo dashboard gives us a glimpse of what Drishti's Developer has access to.

So essentially a Drishti's Developer probably has access to:
  • Names of User
  • Their meeting history along with the duration
  • Meeting Statistics
  • Ability to deactivate or activate any user profile
  • Send mass notification
And might have potential access to their emails as well. I could not confirm this just from the demo dashboard.

Recommendation:

It is sufficiently clear that Drishti is just a reskinned vMeet. According to the license agreement of vMeet, it is not illegal to buy it, reskin it and publish it. So it's not breaking any law. Claiming it to be made by someone else, completely secure and made in India are the claims we found we cannot agree with. And vMeet itself seemed like a client of Jitsi meet with the purpose of being a clone to Zoom.

Our recommendation is if you need a separate solution other than zoom, you might want to consider Jitsi Meet which has a separate app in Play Store. Which also is  open source and is the underlying server technology Drishti uses anyway.

endnote: You might have noticed JioMeet uses exactly same  UI as vMeet and Zoom. However, the codebase behind Jiomeet and vMeet is not same. It does have some interesting other caveats too which we will discuss in another blog post.

Comments

Post a Comment

Popular posts from this blog

Curious case of Cisco AnyConnect and WSL2

One thing Covid has taught me is the importance of VPN. Also one other thing COVID has taught me while I work from home  is that your Windows Machine can be brilliant  as long as you have WSL2 configured in it. So imagine my dismay when I realized I cannot access my University resources while being inside the University provided VPN client. Both of the institutions I have affiliation with, requires me to use VPN software which messes up WSL2 configuration (which of course I realized at 1:30 AM). Don't get me wrong, I have faced this multiple times last two years (when I was stuck in India), and mostly I have been lazy and bypassed the actual problem by side-stepping with my not-so-noble  alternatives, which mostly include one of the following: Connect to a physical machine exposed to the internet and do an ssh tunnel from there (not so reliable since this is my actual box sitting at lab desk, also not secure enough) Create a poor man's socks proxy in that same box to have my ow
Post a Comment
Read more

Immersive Payment: Second Update

This is the second update to the Immersive Payment project update under the Grant For Web Fellowship. You can read the last report here:  https://blog.rabimba.com/2021/05/immersive-payment-first-update.html Background Technically, WebXR is a device API that makes it possible to distribute VR/AR experiences over a web browser. It is broadly used to describe web based VR/AR experiences. The web is the biggest platform, able to reach almost every device and balance the power with app stores through permissionless innovation. However, there’s a major issue holding the ecosystem back from growing: monetization. There’s a reason why 99% of WebXR apps look like prototypes, it’s because indie creators struggle with finding ways to capture value. More polished experiences like Mozilla Hubs and Frame usually have the backing of a large entity, so they can survive. While many of the apps on the front page of Oculus Store net millions in sales, apps on the startpage for Oculus browser (#1 app) c
Post a Comment
Read more

FirefoxOS, A keyboard and prediction: Story of my first contribution

Returning to my cubical holding a hot cup of coffee and with a head loaded with frustration and panic over a system codebase that I managed to break with no sufficient time to fix it before the next morning.  This was at IBM, New York where I was interning and working on the TJ Watson project. I returned back to my desk, turned on my dual monitors, started reading some blogs and engaging on Mozilla IRC (a new found and pretty short lived hobby). Just a few days before that, FirefoxOS was launched in India in the form of an Intex phone with a $35 price tag. It was making waves all around, because of its hefty price and poor performance . The OS struggle was showing up in the super low cost hardware. I was personally furious about some of the shortcomings, primarily the keyboard which at that time didn’t support prediction in any language other than English and also did not learn new words. Coincidentally, I came upon Dietrich Ayala in the FirefoxOS IRC channel, who at
Read more