Are Chinese phones spying on your mobile data?
According to the Government of India, mobile phones particularly smartphones are playing a crucial role in achieving the goals of Digital India and have achieved a penetration of 65-75 percent. Indian Cellular Association (ICA), a body of mobile handset companies operating in India; has mentioned that the mobile handset industry is “deeply cognizant” of the security requirements of the nation.
About 54% of the Indian smartphone market has been cornered by Chinese phones companies are making their way to the fastest-growing smartphone market in the world. As per a recent Confederation of Indian Industry study, Chinese investment in the electronics and information technology products sector is worth nearly $22 billion. There is a growing suspicion that Chinese Phones manufacturers might be accessing consumer data from the smart-phones / devices, without user permission and sending it to Chinese servers which is out of Indian jurisdiction. Keeping this in mind, Government of India has recently ordered as many as 21 phone makers, including leading Chinese brands to give “detailed, structured written response” on how they secure data and ensure its safety and security.
As per recent reports, a Chinese mobile device company; One Plus has been collecting user data without their consent. It has been mentioned that the company collects its handset users’ IMEI numbers, mobile network names, MAC addresses, and IMSI prefixes among other information specifically related to WI-FI information, App Access and Screen active timestamps. Furthermore, no provision has been made for the users to disable this telemetry data collection.
It is not just the Mobile device manufacturers we have to be wary of but also the app developers. Mobile Apps have been aggressively developing apps which require permissions to access the sensitive information under the garb of assisting their referral programs or better user experience.
Does it imply that we should be raising our guards the moment a device manufacturer or an app developer transfers the sensitive data to a Chinese controlled server? We have to be judicious in our approach and trust plays an important role in matters concerning privacy. Privacy invariably is protected by the law of the land, but hard evidence is required before we can conclude that the law has been broken.
Malicious Apps have been stealing sensitive data from the devices and storing them on servers, however very recently, researchers discovered a Chinese App for Smartphones, siphoning off with sensitive user data and storing them on private servers. The app in question is the “DU Antivirus Security”, it collected the personal information about its users viz. unique identifiers, contact lists and call logs which was then relayed to two different servers, with one of them belonging to an employee of Baidu. The data was reused commercially by their sister app “Caller ID & Call Block – DU Caller” and as the name suggests is related to providing Caller ID Information.
It’s a long known fact that App Developers have access to user data, furthermore, they use this data for developing and building services, but how much of this is shared with Third-Party is never known unless they suffer some kind of breach or someone stumbles upon it. The third party could be Governments or Advertisement Networks, one cannot be simply sure of this back-door alliance.
It is imperative for all the Governments to wake up to the fact that it’s not just the Device manufactures but also the App Developers who may siphon off the much coveted Citizen’s Personal Information. They also need to introspect about the data being accessed by rogue governments and is the most worrying factor which has had everyone on tenterhooks.
Read more – Blog eScan