The Central government is likely to force the makers of smartphones to permit the removal of pre-installed applications and mandate screening of major operating system updates under proposed new security rules, as per Reuters.
Citing two people and a government document seen by the news agency, the report said India’s IT ministry is considering these new rules, details of which have not been previously reported, amid concerns about spying and abuse of user data.
A senior government official, on condition of anonymity as the move is not yet public, told the agency, “Pre-installed apps can be a weak security point and we want to ensure no foreign nations, including China, are exploiting it. It is a matter of national security.”
The new rules is likely to extend launch timelines in the world’s No.2 smartphone market and lead to losses in business from pre-installed apps for players including Samsung, Xiaomi, Vivo, and Apple.
The issue of data breaches and risks related to the use of Chinese mobile apps and phones was first highlighted in 2020. After the Galwan Valley clash, the Indian government banned several Chinese mobile apps. The government had banned 59 Chinese apps, including popular ones like TikTok, WeChat, and ShareIt, to protect the privacy of its citizens. The list got further long with more apps being added in the past few months. But these apps have come back in India under new identities, posing a significant threat to the security and privacy of Indian users.
In the global scenario, several countries have already imposed curbs on the use of technology from Chinese firms like Huawei and Hikvision fearing that Beijing could use them to spy on foreign citizens. However, the Chinese government denied such claims.
At present, many smartphones have pre-installed apps that cannot be removed, such as Chinese smartphone maker Xiaomi’s app store GetApps, Samsung’s payment app Samsung Pay mini and iPhone maker Apple’s browser Safari.
Under the new rules, smartphone makers will have to provide an uninstall option and new models will be checked for compliance by a lab authorised by the Bureau of Indian Standards agency, two people with knowledge of the plan told Reuters.
Sources further said that the Centre is mulling to mandate screening of every major operating system update before it is made available for users. “Majority of smartphones used in India are having pre-installed Apps/Bloatware which poses serious privacy/information security issue(s),” stated a February 8 confidential government record of an IT ministry meeting, seen by Reuters.
A crucial meeting was held in the presence of representatives from Xiaomi, Samsung, Apple, and Vivo. A year of time will be given to smartphone makers to comply once the rule comes into effect, as per the document.
Banned Chinese Apps Returning to India in New Forms?
It was reported in February by News18 that some banned Chinese apps have come back in India under new identities, posing a significant threat to the security and privacy of Indian users. One such app is Tiki, which is allegedly owned by Singapore-based Bigo, but the company has denied any involvement despite evidence indicating that it has traces in Beijing.
“While we checked with the online available tools, the IP history of https://tiki.video/ showed us that it has its traces in Beijing, and, in fact, with BGO Technology PTE LTD. It uses the similar layer that the previous app of BIGO used to have,” said cyber expert Amit Dubey. In response, Tiki denied any association with China or any Chinese apps or companies and said their servers and user data are strictly based in India.
ShareKaro, Helo, and Resso are other apps allegedly owned by Chinese firms and are operating once again in India, marketed under the false pretext of ‘Make in India’ to attract users. However, Tiki was the only company that responded to allegations and denied any Chinese links. ShareKaro, meanwhile, uses personal email IDs, which is a red flag for many. Experts believe that personal email IDs are not a problem, but when promoting an app to a large audience, people look for credibility and identity.
“Apps take several permissions at the time of installation and these permissions are not required sometimes. While marketplaces have their rules related to permissions, the same is not very defined as per app functioning and user behaviour. Apps have their own logic for accessing their data but when a server based in China has stored our crucial data, so how can this be trusted,” explained Dubey.
Apart from identity change, the banned apps are promoting alternative methods for Indian users to download them. One such method is to download an APK file from Google or use a proxy and download it as a user from another country. However, both methods come with their own set of risks.
When users install apps from APK files, they are not getting them from the official source, increasing the chances of downloading a modified version containing malware or viruses. Similarly, using a proxy to download the app can compromise the user’s privacy, as the app can collect data on their online activity.
(with inputs from Reuters)
Read all the Latest Tech News here