Ministry of Electronics and Information Technology, Government of India, today clarified that it has not conducted any sort of study to check if Chinese-made smartphones used in India are sending sensitive data to their country of origin.
“Ministry of Electronics and Information Technology (MeitY) has not conducted any such study,” said Minister of State Sanjay Dhotre, in response to a question by Rajya Sabha MP Vivek Tankha.
Tankha wanted to know if government of India “has conducted any study on Chinese manufactured mobile phones and tablets to assess whether they are transmitting Indian user data to China.”
Around 80% of the 80 million (8 cr) or so of smartphones sold in India per year are made in China, and run on operating systems that are designed, updated and controlled from China.
The total number of smartphones and smart TVs running such Chinese operating systems are estimated to be in the hundreds of millions, and their presence has been a cause for concern among security experts in the country for some time.
While the government of India has taken action against certain types of China-made software — particularly apps — it has so far done almost nothing to address the security risks posed by such China-made operating systems.
Most of the popular brands of phones in India run on modified versions of the Android operating system.
Even though the Android operating system is open source, its particular license conditions place it in a different category compared to most well-known open source software, including Linux.
While the Gnu Public License, which governs the Linux Operating System, requires anyone who makes changes to the code to disclose the changes publicly, such a requirement is not there for BSD, and therefore, for Android.
Unlike GPL, the BSD license allows any company to take the code, alter it in any way they want, and not disclose the changes to anyone.
While this is great for companies who want to keep their code secret, it raises particular security concerns for users due to the secret nature of the changes.
For its part, the Indian government has expressed fears that Chinese software — particularly the ones that have been banned — could be sending data from the smartphones on which they have been installed to China.
“Over the last few years, India has emerged as a leading innovator when it comes to technological advancements and a primary market in the digital space,” the IT ministry said in June.
“At the same time, there have been raging concerns on aspects relating to data security and safeguarding the privacy of 130 crore Indians. It has been noted recently that such concerns also pose a threat to sovereignty and security of our country.”
It added that there have been reports of foreign software “stealing and surreptitiously transmitting users’ data in an unauthorized manner to servers which have locations outside India.”
“The compilation of these data, its mining and profiling by elements hostile to national security and defence of India, which ultimately impinges upon the sovereignty and integrity of India, is a matter of very deep and immediate concern which requires emergency measures,” it added.
Without referring to any in-house study, it cited some recommendations from the Ministry of Home Affairs that suggested that action be taken against certain software, and has so far banned around 224 pieces of software.
However, the software that have been banned comprise only apps, and not even a single operating system has so far been restricted from use in India even though operating systems have far greater access to user data than any app can have.