Data security in India: Cybersecurity authorities share concerns on unlawful application utilisation
By Jinendra Khobare, Solution Architect, Senfrx, SecureLayer7
In light of the accelerated evolution of the digital framework within India, a considerable cohort of cybersecurity connoisseurs has initiated a discourse regarding the ascending peril attributable to the unregulated utilisation of applications deemed illegal. With an impressive demographic encompassing excess of 600 million mobile device proprietors, India situates itself as a preeminent target for cyber malefactors with the intent on capitalising on specific weaknesses imbued within mobile application systems.
Unauthorised propagation and ostensibly nefarious applications engender substantial threats to data securitisation, individual privacy rights, as well as overarching national interests. Cybersecurity practitioners have identified numerous critical concerns encompassing the following:
1. Data extraction: These applications use the lure of user engagement, to further their agenda and extract volumes of personal data from their target devices. Relevant details that may be in the form of contacts, geolocation coordinates, browsing behaviours or even biometric identifiers can possibly be compromised. These data sets, when obtained, either end up in underground marketplaces (the dark web) or perhaps are being used to commit
identity theft and/or financial fraud. Utility of such a database can highly be beneficial for data miners or companies that does data mining for their intelligence. Thereby increasing the demand and price of the extracted data.
2. Malware distribution: Unauthorised apps can pose a significant threat to device security, as they may harbour malware that can be exploited by hackers to access sensitive user information. This malware can also recruit smartphones into large botnets, which can be used by attackers to launch distributed denial-of-service (DDoS) attacks, overwhelming online services with traffic to render them unavailable.
3. Economic vulnerabilities: These malicious apps often convincingly replicate genuine banking environments, with the intention of tricking users into revealing their financial login details. It’s alarming that such rogue apps can cleverly deceive users into disclosing sensitive financial information under false pretences. This allows the attackers to illicitly drain funds from the victims bank accounts.
4. Aftertaste: Experts warn that some apps developed by foreign countries, particularly those with which India has a conflict, could be used for spying or to sway public opinion. India’s Ministry of Electronics and Information Technology has banned several Chinese apps, including TikTok and WeChat, over privacy and security concerns. The ban was made permanent in January 2021, following a clash between Indian and Chinese troops at a
disputed Himalayan border. The government’s move aims to protect citizens sensitive information and prevent potential security threats.
5. The absence of regulatory oversight: The lack of regulatory oversight allows pirates to evade security checks and upload illicit apps to third-party stores with impunity. In this case, a pornographic app was cleverly disguised as a game, making it easier for scammers to target unsuspecting users. This highlights the need for stricter regulations and better security measures to protect users from such malicious activities.
6. Improved user education: Digital literacy programs can empower users to identify and prevent malicious apps. By educating students on secure downloading practices and the importance of reading app permissions, we can help them develop the skills they need to stay safe online. As the National Cyber Security Centre notes, digital literacy is a critical skill for success in school, work, and life. By promoting digital literacy, we can help users avoid
malware and virus attacks, increase efficiency and productivity, and promote digital ethics.
7. Better compliance: Security professionals are now hoping the law enforcement agencies to take strict actions against those who develop or distribute the fake apps. This includes better cooperation with international partners to combat transnational cybercrime.
8. Technological solutions: New technologies, such as more advanced app scanning and threat detection capabilities are essential. Security experts say smartphone makers and operating system designers need to build better security into the device itself.
9. Policy updates: A call for new cybersecurity policies to deal with the changing app-based threats. This would make it easier for app developers to understand the rules and strengthen enforcement against data protection breaches.
10. Public-private partnerships: It is claimed by some authorities that cybersecurity firms, tech companies and government agencies need to work together to prevent the spread of illegal apps and as a result lessen their economic impact.
Experts recommend a multi-faceted approach to combat the spread of fake apps. This includes stricter law enforcement, international cooperation, and the adoption of new technologies such as advanced app scanning and threat detection capabilities. Smartphone manufacturers and operating system designers must also prioritize building better security into devices. Furthermore, updated cybersecurity policies and public-private partnerships
are essential to prevent the spread of illegal apps and mitigate their economic impact. While these measures can help, experts warn that the problem is far from solved, and individual self-awareness and responsible use are crucial to maintaining data security in the digital age.
For the moment, this is their advice to Indian smartphone owners: download apps only from an official app store, update devices frequently and consider carefully before allowing any opened doors. In the digital age, data security begins with individual self-awareness and responsible use.
