Concerned over instances of Indian mobile phone users’ contact lists, details and text messages being leaked to other countries, including China, the government has asked all firms selling smartphone handsets in the country to share details of the processes they follow to ensure there is no possibility of data thefts or leakages from their devices.
The government is concerned not just about the security features of the handsets being sold, but also of the embedded programmes that are a part of the user experience, such as the operating system, browser and pre-loaded applications.
“Since a mobile handset is central to the government’s Digital India programme, we are trying to make them more secure. The government is concerned about protecting users since there have been reports that some phones leak data,” a senior government official said.
ADVERTISEMENT
“If data is the most important resource today, like raw materials used to be in the past, then we cannot ignore any prospects of such data going to a third country, be it China or any other country. This is not in our interests,” the official asserted.
The move comes in the wake of a review meeting on cyber security concerns held by Electronics and Information Technology Minister Ravi Shankar Prasad on Monday, where specific instructions were given to officials to see to it that data leakages from handsets are prevented.
ADVERTISEMENT
‘Inform us’
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
“As a first step in this direction, we have asked all smartphone sellers in the country to inform us of the security procedures they follow to ensure data security of the users of those devices. They have to report to the Electronics and IT Ministry on this issue by August 26,” the official said.
While he refused to name specific companies whose phones have been compromising user data, the official said the government would take steps to independently verify the claims made by mobile phone sellers about their security systems, and this could include independent third party audits, if need be.
Section 43A of the Information Technology Act puts the onus on corporates to secure the data in their possession, and the compensation they may be liable to pay for a breach of data or the loss caused by data theft could be unlimited, the official said.