The Ministry of Electronics and Information Technology (MeitY) sent notices to OnePlus, Xiaomi, Vivo, and Oppo last week seeking details about their phones and components, The Morning Context has reported.
The notices come after an ET report claimed that the government is considering mandating a teardown or in-depth testing of smartphones and installed apps to check for potential snooping of citizens. Such rules could mirror the government’s requirements for telecom equipment, the ET report claimed.
The security of Chinese smartphones has been in the spotlight recently after reports alleged that Xiaomi smartphones send data to Chinese service providers and have a built-in ability to censor certain phrases.
How does the government prevent Chinese snooping in telecom equipment?
In order to secure telecom equipment against the threat of snooping, the Indian government has put security requirements in place for telecom service providers:
Trusted sources: The government passed a National Security Directive in December 2020 to prevent the use of Chinese tech in telecom equipment. To implement the directive, a list of trusted sources and trusted products is currently being collated. Telecom service providers will only be allowed to use components from trusted sources, which in turn would mean that their products would be marked ‘trusted’.
While new equipment will need to be approved by the government, existing tech does not need to be replaced immediately. The DoT amended the telecom license for this purpose in March. Telcos and vendors now have to register products on the portal through an authorised nodal officer, and can only procure the products once approved.
Xiaomi phones send data to Chinese service providers: Lithuania
Security concerns regarding Chinese smartphones were recently brought up by Lithuania’s Defence Ministry which found:
- Snooping risks associated with Xiaomi devices: The Ministry’s report said that pre-installed apps on Xiaomi send a variety of statistical data to servers of the Chinese cloud service provider Tencent. “The collected statistics are sent via an encrypted channel to Xiaomi servers in Singapore, which is not covered by the General Data Protection Regulation. According to international sources, clear cases of unauthorised collection of user data by Xiaomi have been identified. Potentially excessive collection and use of analytical data can be said to pose a threat to the privacy of personal data,” the report concluded. (emphasis added)
- Censorship capabilities of Xiaomi devices: The report found that Xiaomi apps including MiBrowser, Security, Themes, Cleaner, and MIUI Package Installer regularly download a configuration file called “MiAdBlacklistConfig” from a server located in Singapore. When NCSC analysed the applications, it found code that allows filtering of content based on a downloaded blacklist. “When it is determined that such content contains keywords from the list, the device blocks this content,” the report revealed.
- Risks associated with installing apps on Huawei devices: “Installing mobile applications on Huawei devices is characterised by cybersecurity uncertainties,” the report said. It found that “a portion of the mobile applications contained on the application distribution platforms are imitations of the original applications, with malicious functionality or virus infestation; such applications can be downloaded and installed by the user on the mobile phone, thereby jeopardising the security of the device and the data contained in it.
MediaNama has reached out to Xiaomi, OnePlus, Vivo, and Oppo for comment, and will update the report once a response is received.
- DoT Launches Trusted Telecom Portal For Registration Of Approved Telecom Gear
- Xiaomi Devices Have Censorship Capabilities That Can Be Remotely Activated: Lithuania Defence Ministry
- Beijing Objects To Chinese Companies Being Excluded From 5G Trials In India
Have something to add? Post your comment and gift someone a MediaNama subscription.