After Chinese smartphone makers, the government has turned its attention to mobile apps from the neighbouring country.
A government lab in Hyderabad is probing how Alibaba-owned UC Browser can send user details and location data to a remote server.
UC Browser sends user and device identifiers such as IMSI (international mobile subscriber identity) and IMEI (international mobile equipment identity) numbers and location data to a remote server based in China, a source said.
When the device is connected to the internet using Wi-Fi, details — including the phone’s and access point’s network information — are sent to the remote server, the source said. UC Browser has a share of nearly 50 per cent of India’s mobile browser market, according to latest data from StatCounter.
The security flaw in the browser was first reported in May 2015 by the University of Toronto.
Meanwhile, the flood of government notices to smartphone makers continued, asking the manufacturers to share details about their security infrastructure.
An official said the government was planning another lot of notices including to Reliance Jio’s smartphone brand, LYF, and others including Videocon and Meizu.
In fact, each and every company which sells or manufacturers phones in India will have to share security details about the devices.
Notices to about 30 companies making handsets have already been sent.
The move by the Ministry of Electronics and IT (MeitY) has come in the backdrop of a military stand-off between India and China in Doklam.
Officials said India aims to strengthen and secure its cyberspace and digital infrastructure, more so in a scenario when most of the firms making smartphones in India have their servers abroad. A majority of these firms are Chinese, which either sell directly or provide parts to Indian manufacturers. There are original equipment manufacturers (OEMs), too, serving Indian firms.
The government believes over-dependency on Chinese firms in the electronics sector, whose servers are not in India, make the data more vulnerable to hacking and misuse.
According to government figures, India is a big importer of electronics goods.
In 2016-17, against a demand of $86.4 billion for electronics goods, the country imported $42.8 billion worth of goods, primarily from China.
The country produced $49.5 billion worth of goods locally, because of the government’s thrust on making electronics goods in India.
The demand for electronics is set to touch $400 billion by 2023-24. Even as Chinese firms have been working in India for the past many years, there are no security standards in place yet.
Since the trade balance in the electronics sector is heavily tilted in favour of China, that’s a concern for India.
The government has set August 28 as the deadline for submitting detailed responses on the safety and security practices, architecture, guidelines or standards followed and implemented in the products and services made for the country.
Based on the responses, the government would start verification and audit of devices, wherever required, the official said.
The government has also warned companies that if the procedures are not followed, it will impose penalties under provisions of the IT Act.