OPINION: My personal take on the Allen security report
3 Apr 2025
This is not a part of the aforementioned report and is not to be taken as such. This represents my personal views on the matter, as a student of the institution.
Look, I’m a student at Allen. I see what happens inside. And while my report was purely technical, I’ve got some personal thoughts on this mess.
While this isn’t part of the report, I’d like to put a few of my own opinions down. Allen expects students to work 16-hour days, sit on wooden planks in rooms with dingy office lighting and no windows, and treat their campus heads and C-level executives like gods. They teach thousands of students, many of them minors. And yet they fall prey to making one of the most basic security lapses that can possibly happen. Their app security is so weak that anyone with a Mac and a few minutes can extract their API keys. While I haven’t investigated their other apps and web services, this lapse is a clear indication that somebody should.
The illusion of power can’t make up for the lack of competence. And when incompetence puts students at risk, it stops being an illusion—it becomes negligence.
I’ll reiterate what I said in my report –
- Students: be aware that your data may not be secure. Ask Allen how they plan to protect it.
- Parents: ask Allen why a billion-dollar coaching empire can’t follow basic security practices.
- Everyone else: this is a serious data security issue affecting minors. Spread the word.
Education is about people, not profits – and as students, we deserve better. We aren’t just numbers in a coaching factory – we’re people, and we have the right to demand basic security from organisations that hold massive amounts of our data. And if someone wants to act like a corporate entity rather than an educational one, they deserve to be held up to the same standards as every other corporation.
They shouldn’t get a free pass just because their audience is mostly children. To reiterate, this isn’t just incompetence – it’s negligence. And negligence at this scale should have consequences.