A senior official at the Ministry of Electronics and Information Technology said that through this exercise the government aims to scrutinise in hardware component as well as preloaded software and apps to find potential loopholes
At a time when border tensions with China continue to simmer, the Indian Computer Emergency Response Team (CERT-In) has written to all 21 smartphone manufacturers operating in the country, including Chinese firms, seeking details of safety and security practices, architecture, frameworks, and standards put in place by them to prevent leakage of data from handsets used by consumers. A senior official at the Ministry of Electronics and Information Technology said that through this exercise the government aims to scrutinise in hardware component as well as preloaded software and apps to find potential loopholes.
“We need to ensure that security of mobile phones is ensured. If data is being leaked into a third country, that is not in our interest. Data is the most important resource in the country right now. It shouldn’t be leaked,” a senior official at the Ministry of Electronics and Information Technology said. Chinese companies selling smartphones in India, including Xiaomi, Gionee, Oppo, OnePlus among others, are gaining in market share.
The official pointed out that the move has come in light of various cases of contacts and text messages being leaked in India as well as abroad. “The smartphones hold valuable information of users as they use the phone to make digital payments, have personal data. The data centres of many of these companies are also established in China,” the official said. Currently, rules stipulate that only those data centres on which government data is being hosted must be located within India.
In the letter sent to smartphone manufacturers, CERT-In Director General Sanjay Bahl has asked the companies to file the security measures established by them by August 28. “If we find any shortcomings, we may also conduct audit an audit to ensure that smartphone companies are in compliance,” the aforementioned official said. He also said that in case the companies were found violating India’s data security norms prescribed in the Information Technology Act, they may be subject to a penalty under the Section 43 (A) of the law. Penalty under the section does not have a limit.
According to government data, during 2016-17, India imported mobile phones of nearly $3.74 billion in value. An aggregate of 17.5 crore units were assembled in India during the year with a value of nearly Rs 90,000 crore. Apart from the notice to smartphone makers, the official said that further steps could be taken to contain the overall threat arising from “increasing Chinese business interest” in India. The government is also undertaking a review of import of electronics and other IT products from China on account of fears about security and data leakages.