The development comes at a time when India and China are in stand-off over Doklam besides rising concern over imports of Chinese IT and telecom products.
Amidst reports of data leakage, the government on Wednesday asked 21 smartphone makers, including Chinese firms, to provide details of safety and security practices followed by them to ensure security and privacy of personal data in the mobile phones.
The directive by Ministry of Electronics and Information Technology has been sent to Chinese companies such as Vivo, Oppo, Xiaomi, OnePlus and Gionee as well as others like Apple, Samsung and Micromax. There have been instances where full contact list and text messages are being leaked in India and abroad, according to sources.
The development comes at a time when India and China are in stand-off over Doklam besides rising concern over imports of Chinese IT and telecom products.
"There's a need to ensure safety and security of mobile phones. People use their phones for making payments online, for buying e-commerce stuff. At such a time, it is vital that data is secure," a senior official from the ministry said on the condition of anonymity.
In the first phase, devices, preloaded software, and apps will be under scrutiny. The companies have been given time till August 28 to revert with the required information.
The official said that more steps might be taken to contain the overall threat arising from increasing Chinese business interest in India. The government is also undertaking a review of import of electronics and other IT products from China on account of fears about security and data leakages.
"All the procedures, architecture, frameworks, and standards adopted by them to ensure security and privacy of users' data has to be provided. The data centres of most companies are located in China," the official added.
Chinese vendors have about 49 per cent share in the Indian mobile phone handset market in terms of revenues.
'Share security info or action will be taken'
As per CMR's India Quarterly Mobile Handset Market Review for Q1 CY 2017, Chinese brands Xiaomi, Vivo, and Oppo were among the top five with 11.7 per cent, 11.5 per cent, and 10.6 per cent share respectively. Samsung secured the top spot with 29 per cent share by revenues.
Faisal Kawoosa, Principal Analyst at Cyber Media Research, raised questions over undertaking such an exercise which need a deep level of engagement from both the sides. "It is not feasible in the current form. How will one validate the authenticity of information provided? Secondly, app makers are also taking users' data through one way or other, how will you address that? It is not a well-thought process."
However, Indian Cellular Association President Pankaj Mohindroo said that the mobile handset industry is deeply cognisant of the security requirements of the nation. "With the digital economy becoming an important part, this sense of security is of paramount importance."
There can be no argument against the need to have secure communication and protection of data, but we must grasp this issue in its entirety, he said, adding that we should not move towards an ecosystem which can stop innovation in the development of mobile applications.
As per the IT Act, Section 43 (A), a company is responsible to make sure that it keeps the data of users safe, and the rules have to be complied with. There's a provision of unlimited compensation and penalties of Rs 5 crore through state-level arbitrators. Based on the response of the companies, the ministry will initiate verification and audit of devices where required.
"Any device sold in the country should be compliant with global security standards. If companies fail to comply, further action will be taken," the official said.
The minister for electronics and IT Ravi Shankar Prasad had called a meeting of senior officials in the department, and representatives of CERT-In and others on August 14 to take stock of the situation.
The letter has been sent by Indian Computer Emergency Response Team (CERT-In), under the ministry. CERT-In Director General Sanjay Bahl said in the letter, "If we find any shortcomings, we may also conduct an audit to ensure that smartphone companies are in compliance." In case the companies were found violating India's data security norms prescribed in the Information Technology Act, they may be subject to a penalty under the Section 43 (A) of the law. Penalty under the section does not have a limit.
According to data by the ministry, during 2016-17, India imported mobile phones of nearly $3.74 billion in value. An aggregate of 17.5 crore units were assembled in India during the year with a value of nearly Rs 90,000 crore.
"The mobile phones are playing a crucial role in achieving goals of Digital India and have achieved a penetration of 65-70 per cent. These devices hold valuable information of the users and there is a need to ensure security and safety of these devices," the letter said.
"The security of the mobile devices must address all layers including hardware security, operating system and applications security, securing network communications, the encryption standards used. "Updating of operating system, firmware and application must be done in a secure manner," the letter to the companies said.
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
 "Xiomi")
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
)
){kind=small}
){kind=small}
)
)
)
)
)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}