After issuing notices to the Chinese phone makers, the Center has now turned its attention towards the mobile apps developed by China. This comes after a Hyderabad-based lab has found out the means by which Alibaba-owned UC Browser can transmit data, specifically location and other important user details, to remote servers uninterruptedly.
According to a source, a UC Browser has been sending user and device identifiers such as IMSI (international mobile subscriber identity) and IMEI (international mobile equipment identity) numbers and location data to a remote server based in China.
When a device is connected to the internet through WiFi, numerous details – such as the phone’s and the access point’s network information, are being sent to the remote numbers, said the source.
This is quite a reason for concern as UC Browser has a share of as much as 50% of India’s total mobile browsing market, according to the latest data furnished by StatCounter.
This security flaw in the browser was first detected in May 2015 by researchers at the University of Toronto.
Meanwhile, the innumerable government notices regarding sharing of security infrastructure details continue to flood the smartphone manufacturers. A government official further said that New Delhi has been planning to send another lot of notices, including some to Reliance Jio’s smartphone brand, LYF, and others including Videocon and Meizu. Till now, notices to 30-odd handset manufacturers have already been sent by the government.
This move of securing India’s telecom services has been taken by the Ministry of Electronics and IT on the backdrop of the Doklam crisis, where the armies of both China and India are continuing a face-off over the last three months.
According to the government officials, India is aiming to strengthen and secure its cyberspace and digital infrastructure, especially because most of the firms manufacturing smartphones in India have their servers abroad. Furthermore, a majority of these being Chinese, which directly or indirectly cater to the Indian telecom industry, is adding fuel to the fire.
The government believes that depending more on the Chinese firms in the electronics sector, whose servers are not in India, is making India’s digital infrastructure more susceptible to hacking and misuse.
It is to be mentioned here that India is a big importer of electronic goods, specifically from China. In 2016-17, against a demand of $86.4 billion for electronics goods, the country imported $42.8 billion worth of goods, primarily from China.
As per the researchers, this demand for electronic goods is all set to touch $400 billion by the year 2023-24. It is true that the Chinese manufacturers have been working in India for years now but the lack of any specified security standards may eventually go against India’s benefit.
To speed up the entire process, the government has set August 28 as the deadline for receiving detailed responses on the safety and security practices, architecture, guidelines or standards followed and implemented in the products and services rendered in, and made for, India.
It is based on these responses that the government will start verification and audit of the devices, the official said.
Furthermore, if reports are to be believed, the government has warned the companies not adhering to the procedures of dire consequences under provisions of the IT-Act.