In January 2022, the Indian media outlet and Wire partner ‘The Wire’ published a three-part series on its investigation into the Tek Fog app. The following is a summary of its most important findings. You can read the full series — including the verification methods the authors Ayushman Kaul and Devesh Kumar used — here. Note: All references to ‘The Wire’ herein refer to the India-based publication, not the Progressive International pillar.
Over a series of tweets in April 2020, an anonymous Twitter account @Aarthisharma08 claiming to be a disgruntled employee of Bharatiya Janata Party's (BJP's) Information Technology Cell (IT Cell) alleged the existence of a highly sophisticated and secret app called 'Tek Fog'.
They claimed this app is used by political operatives affiliated with the ruling party to artificially inflate the popularity of the party, harass its critics, and manipulate public perceptions at scale across major social media platforms.
The source alleged that they had decided to come forward after their supposed handler – Devang Dave, ex-national social media and IT head of the Bharatiya Janata Yuva Morcha (the youth-wing of the BJP) and current election manager for the party in Maharashtra – failed to deliver on a lucrative job offer promised in 2018 if the BJP was able to retain power in the 2019 Lok Sabha elections.
Over the next two years, a process of correspondence followed where the team at The Wire set out to test what could and could not be verified in the allegations made by the whistleblower, in addition to investigating the broader implications of the existence of such an app on the public discourse and the sanctity of the country's democratic processes.
Here’s what the investigation found.
One of the primary functions of Tek Fog is to hijack the 'trending' section of Twitter and 'trend' on Facebook. This process uses the app's built-in automation features to 'auto-retweet' or 'auto-share' the tweets and posts of individuals or groups and spam existing hashtags by accounts controlled by the app operatives.
This feature is also used to amplify right-wing propaganda, exposing this content to a wider audience on the platform, making extremist narratives and political campaigns appear more popular than they actually are.
Another alarming feature offered by the app is its ability to allow individual operatives to hijack 'inactive' WhatsApp accounts of private citizens and use their phone number to message their 'frequently contacted' or 'all contacts', using a technique resembling 'token theft'. App operators also use this feature to phish the personal information of targeted users to add to a cloud-based political database. The addition of private citizens into this database makes them available as potential targets in future harassment and trolling campaigns.
According to screenshots and screencasts seen by The Wire, the app shows an extensive and dynamic cloud database of private citizens categorised according to their occupation, religion, language, age, gender, political inclination and even physical attributes. The screenshots also indicate that this database allows app operatives to 'auto-reply' to individuals or groups by connecting a Google Sheet or by auto generating keywords and phrases, a vast majority of which are abusive or derogatory.
Another important functionality present in the app screens was the ability for app operatives to delete or remap all existing accounts at a moment's notice. This feature theoretically allows them to destroy all incriminating evidence of their past activity.
After reviewing the features of the Tek Fog app the team asked the whistleblower to provide information regarding their employers. A bank statement and payslip sent by them surprisingly listed the involvement of two private companies, Persistent Systems and Mohalla Tech Pvt. Ltd. as their 'employer' and 'assigned client', respectively.
Persistent Systems is an Indian-American publicly traded technology services company founded in 1990. Mohalla Tech Pvt. Ltd. is the company behind Sharechat, a popular Indian regional language social media platform funded by Twitter.
The source explained that Persistent Systems employ them as a 'social media incharge' based out of the company's corporate office in Nagpur, India. However, their current project to operate the Tek Fog app required close collaboration with Sharechat and the person the whistleblower identified as their immediate supervisor, Devang Dave, the former National Social Media and IT Head of BJYM and the current election manager for the BJP in Maharashtra.
The source claimed that the app operatives used Sharechat, the flagship product of Mohalla Tech Pvt. Ltd. to test and curate fake news, political propaganda and hate speech before automating it to other popular social media platforms like Twitter, Facebook, and WhatsApp.
Marketed as India's #1 social media app, Sharechat has thousands of targeted regional communities that allow millions of users to share posts, news, photos, memes, and videos in their local language. The app acts as both a social network – where users can follow accounts, message existing users – and an open broadcasting platform, where people share content with strangers.
Sharechat supports 14 different local languages and focuses on hyperlocal content catering to India's burgeoning class of non-English speaking social media users predominantly hailing from the Tier-2 and Tier-3 cities. With a claimed base of 160 million users in India, the company raised $502 million in April 2021 from Tiger Global, Snap and some existing investors such as Twitter, and $145 million in a fresh funding round last July, valuing the company at nearly $3 billion.
During the Uttar Pradesh elections in 2017, Ankur Shrivastava, the product lead at Sharechat, published a Medium post highlighting the company's steps to woo political parties to the social media platform. This included creating special communities and tags for regional parties and deriving a popularity index for them in the UP elections. A year later, MoneyControl published an article highlighting how multiple regional and national parties had created profiles on the vernacular platform, hoping to leverage the platform's access to its predominantly regional audience.
One of the most important – and disturbing – features of Tek Fog is the hard-coding of abuse modules, and the manner in which these are deployed by a vast network of managed accounts to target critics, political opponents and ordinary citizens. Tek Fog appears to have been used particularly effectively against women journalists active on social media whose work or posts run counter to the BJP's official narrative. The aim is to use abuse and harassment to not just drown out dissent and criticism but also intimidate and silence individuals.
So how does this 'abuse' feature work? The whistleblower explained that first, the app's operators access the database of individuals integrated with Tek Fog to identify persons to target. The database includes students, journalists, comedians, film actors, social media influencers, spiritual leaders and others, together with information about their religion, gender, sexual orientation, language, age, political affiliation and, in some cases, physical attributes like complexion and even breast size. All of this information allows operators to target specific people based on their indicators – from harassing them from multiple accounts to sending offensive messages into their private Twitter inbox.
The most frequently targeted groups were women and Muslims, according to a review of the app's screenshots and screencasts that the source provided.
Most of the targeted women were able to correlate their own experiences online with these revelations about Tek Fog. “I am not surprised,” Rana Ayyub, tweeted when The Wire released this data on Twitter. “From porn videos, misogynistic, communal abuse, character assassination, have seen it all, enabled by the government. The #tekfog investigation by the Wire, validates what most women journalists have flagged for years.”
“A million abuses were hurled at women journalists through a secret app in just five months,” said Rohini Singh on Twitter. “The most powerful party in India spends its resources on abusing women in order to silence them. The price women pay for existing on social media….”
Other prominent women journalists targeted through the Tek Fog app, and independently verified by The Wire, include Ismat Ara, Hiba Bég, Neha Dixit, Fatima Khan, Jyoti Yadav, Sakshi Joshi, Shereen Bhan and Madhu Trehan, amongst others. A list of the 20 most abused women journalists also included Quratulain Rehbar and Masrat Zahra, two independent journalists from Kashmir.
Other screenshots of ‘past trends’ amplified by Tek Fog also list multiple hashtags that indicate that the operators were actively involved in communalising India's first major COVID-19 outbreak, in 2020, by focusing on the Tablighi Jamaat, the Sunni Islamic missionary movement . They made hashtags like #तब्लीगी_जमात_जिहाद (“Tablighi Jamaat Jihad”) and #TablighiJamatVirus, trend – with a goal to demonise a Muslim congregation and pin the blame for the country's expanding epidemic on the event's organisers and attendees, and by extension, Muslims as a whole.
The scale and sophistication of Tek Fog's features in The Wire’s series offer a springboard from which to understand the use of automated propaganda online and its role in engineering public discourse by state and corporate actors in India. The 'Tek Fog' app itself appears to be the backbone of a vast and still largely unexplored network of paid workers and volunteers deploying disinformation strategies on social media platforms to distort or corrupt public conversations in favour of India's ruling party.
As social media platforms become more popular, the impact of online discourse on individual beliefs and views will also expand. And when unscrupulous political and private actors hijack such platforms, we face a considerable and unprecedented threat to the freedom of expression and of political association guaranteed to all citizens in India.
Indeed, the possibility of similar apps being employed by political operatives in other countries, albeit in less sophisticated forms, poses a deeply corrosive threat to the institutionalisation of democratic norms and the guarantee of independent public discourse, both intrinsic elements of the continued functioning of major democracies across the globe.
Image: Shreya Bhatia
The Wire is the only planetary network of progressive publications and grassroots perspectives.
The mission of the Wire is bold: to take on the capitalist media by creating a shared space for the world’s radical and independent publications, building a coalition that is more than the sum of its parts.
Together with over 40 partners in more than 25 countries — and the relentless efforts of our team of translators — we bring radical perspectives and stories of grassroots struggles to a global audience.
If you find our work useful, help us continue to build the Wire by making a regular donation. We rely exclusively on small donors like you to keep this work running.