Even as the National Cybersecurity policy awaits release, the National Security Council Secretariat (NSCS) appears to have embarked on a new project. The NSCS has started creating a platform that would give information to Indians about possible security vulnerabilities in the mobile devices and apps that they use, according to a report by the Economic Times.
In order to create this platform, the NSCS has approached the ministries of IT, home affairs, and finance and is also trying to rope in private players with the help of the Internet and Mobile Association of India (IAMAI), ET reported.
“There will be a central database in the middle and the information will be available as an API. In case users want specific information, they can use the app. It will detect the phone and apps being used and will offer curated information for the app regarding vulnerabilities,” Satyendra Verma, head of I-CAMPs and IAMAI advisor was quoted as saying in the ET report. The project will not be mandatory and could take 6-8 months to launch, he added.
Indian government on the lookout for spying tech
MeitY sent notices to OnePlus, Xiaomi, Vivo, and Oppo last month seeking details about their phones and components. This notice came after an ET report revealed that the government was considering passing a regulation to mandate teardown of handsets to check for snooping. Beyond hardware, the government is also reportedly looking into the strategy of pre-installing apps on new smartphones sold by Chinese manufacturers.
With respect to telecom equipment, the government has already set up a portal with a list of ‘trusted sources’ from which Indian manufacturers can buy materials. This was built on top of a National Security Directive that was passed in December 2020, essentially to prevent the use of Chinese tech in telecom equipment.
What the Lithuanian govt found out about Chinese smartphones
The following security concerns regarding Chinese smartphones were brought up by Lithuania’s Defence Ministry last month:
- Snooping risks associated with Xiaomi devices: The Ministry’s report said that pre-installed apps on Xiaomi send a variety of statistical data to servers of the Chinese cloud service provider Tencent. “The collected statistics are sent via an encrypted channel to Xiaomi servers in Singapore, which is not covered by the General Data Protection Regulation. According to international sources, clear cases of unauthorised collection of user data by Xiaomi have been identified. Potentially excessive collection and use of analytical data can be said to pose a threat to the privacy of personal data,” the report concluded. (emphasis added)
- Censorship capabilities of Xiaomi devices: The report found that Xiaomi apps including MiBrowser, Security, Themes, Cleaner, and MIUI Package Installer regularly download a configuration file called “MiAdBlacklistConfig” from a server located in Singapore. When NCSC analysed the applications, it found code that allows filtering of content based on a downloaded blacklist. “When it is determined that such content contains keywords from the list, the device blocks this content,” the report revealed.
- Risks associated with installing apps on Huawei devices: “Installing mobile applications on Huawei devices is characterised by cybersecurity uncertainties,” the report said. It found that “a portion of the mobile applications contained on the application distribution platforms are imitations of the original applications, with malicious functionality or virus infestation; such applications can be downloaded and installed by the user on the mobile phone, thereby jeopardising the security of the device and the data contained in it.
After these findings were released by the Lithuanian government, the German Federal Office for Information Security reportedly launched an investigation into Chinese handsets.
- CDSL data breach: Sensitive investor information exposed in attack
- In Parliament, Defence Ministry reveals Defence Cyber Agency now functional
- India looks to scale up electronics exports in next couple of years
Have something to add? Post your comment and gift someone a MediaNama subscription.