Google takes blame as UIDAI number pops up on contact lists, says user data not compromised

Tech giant Google said on Friday that it was responsible for a coding flaw that caused a defunct Unique Identification Authority of India (UIDAI) helpline number to mysteriously appear in the contact lists of mobile phones running on its Android operating system.

The clarification came hours after a social media storm against UIDAI, with users blaming the agency, which oversees the Aadhaar identification system, for pushing the information to their devices without their consent.

“Our internal review has revealed that in 2014, the then UIDAI helpline number and the 112 distress helpline number were inadvertently coded into the SetUp wizard of the Android release given to OEMs (original equipment manufacturers) for use in India and has remained there since,” a Google spokesperson said. “We are sorry for any concern that this might have caused, and would like to assure everyone that this is not a situation of an unauthorised access of their Android devices.”

The flaw did not mean any data of users had been compromised, the spokesperson added.

Earlier in the day, the UIDAI and telecom operators said they were not responsible for the number being fed to people’s phones .

“UIDAI has reiterated that it has not asked or advised anyone including any telecom service providers or mobile manufacturers or Android to include 18003001947 or 1947 in the default list of public service numbers,” a statement by the agency said, referring to the number that Twitter users found under the name ‘UIDAI’ on the contact list of their devices.

Throughout Friday, UIDAI was among the top five trending topics on Twitter, with nearly 2,000 posts on the issue by evening.

Helpline numbers can be pre-programmed into mobile devices by operators, device makers or developers of the device’s operating system. Mobile operators denied programming the UIDAI number, according to a statement by the Cellular Operators Association of India.

Two Twitter users indicated the responsibility could lie with Google. Arnav Gupta, an Android application developer, and Kingsly John — who described himself as someone who “comments on mobile-developer issues” — were among the first to spot the issue.

“The number does not exist on a fresh install before the device connects to the Internet. So it is coming from the Internet, and not present in the OS itself,” Gupta tweeted first, after which John experimented with his phones to ascertain how the number found its way into contact lists.

“At present, it is definitely Google which is adding the entries,” John told Hindustan Times, explaining that he noticed the number even on personal computers emulating an Android device.

UIDAI’s Aadhaar project has been criticised by activists as a threat to people’s privacy for its ability to create exhaustive profiles of individuals by potentially being able to trace crucial information like phone calls and banking transactions.

A five-judge bench of the Supreme Court is due to deliver a verdict on a clutch of 27 petitions challenging the constitutional validity of Aadhaar.

First Published: Aug 04, 2018 00:06 IST