The government’s interim order banning 59 mobile applications (apps) of Chinese origin citing a potential threat to national security and sovereignty was almost surely prompted by the tensions with China at the Line of Actual Control (LAC) and the nationalist sentiments against all things from the Middle Kingdom. But the decision, hasty as it is, should be utilised to examine carefully our policies and protocols to prevent malicious apps from any state or non-state player being distributed in the country.
The knee-jerk order has provoked the usual responses. One set of people are happy because they feel that it is the first step towards a complete economic boycott of Chinese goods, however outlandish the idea may seem. The other set of people see it as nothing more than a ridiculous distraction because it does nothing to substantially reduce our dependence on Chinese goods or hurt China’s economy. They also worry that TikTok, Bigo Live and other apps have set up operations in the country providing employment to hundreds of people apart from giving a chance to ordinary Indians to become social media influencers.
Those views have merit but neither set of people are discussing one crucial issue – does India have robust protocols to check the spread of malicious apps in the country? What is the guarantee that malicious, data stealing apps from one country will not be replaced by another one from another country? It is an issue that goes far beyond the current spat with China. While Chinese apps have long been under the scanner in multiple countries, some apps from other countries such as Russia and Pakistan have also come under suspicion from time to time.
Chinese apps – and especially TikTok from ByteDance – have been under scrutiny in both the US and EU. The worries about TikTok and other Chinese apps stem from a few things. Most apps, Chinese or otherwise, seek permission to capture far more data than is actually required. This data is often stored in servers in China. The US and EU have expressed worries about this data being accessed by the Chinese government despite the apps saying that no such sharing takes place.
The other worry is that these apps have built-in backdoors that can be used to spread malicious digital viruses or take control of the user’s handset and crucial financial and other data. The last apprehension specifically about TikTok is that as a highly popular social media platform it can be used by the Chinese to spread the kind of messages it wants to its viewers.
The fact that TikTok and BigoLive and others are wildly popular apps often downloaded by even government employees only raises the worries about potential risks. The issue had also been flagged by the RSS affiliate Swadeshi Jagran Manch for a couple of years now though the government always dismissed it as unfounded. In fact, as late as mid-March this year, Union Minister of State for Home, G Kishan Reddy had told the Lok Sabha that the government had received no inputs suggesting a counter-intelligence threat to the country.
Reports suggest that the government has offered the opportunity to TikTok and the others to meet government stakeholders and submit their clarifications to allay the government’s concerns. But before the meeting, the government itself needs to be clear as to what its stance on security, data integrity and data privacy is. This is where not enough work has been done despite the Data Privacy Bill that was introduced in Parliament in December 2019.
Much of the debate around the Data Protection Bill focused around the Indian government’s ability to access data of individuals and of course the worries about whether Aadhaar would provide too much data on individuals to the government. It also put a lot of emphasis on data privacy of individuals, especially financial data, that was being captured by companies ranging from Google to financial intermediaries such as Mastercard and Visa.
What has not been discussed or examined in detail has been whether there is a robust enough process to vet and examine apps being allowed to be displayed in Google Playstore or Apple Appstore in India for threats to capturing and stealing data or monitoring vital information.
It is time to revisit the Bill to see if these concerns have been taken care of and to ensure that we have not only the right clauses but also build up the right capabilities to ensure that some rogue player does not threaten national security by introducing a malicious app.
Once this framework has been decided, it also needs to implement it strictly and ensure that the monitoring is done properly. And that would mean working closely with both hardware and software players to ensure that norms are formed. For example, it could mean ensuring that Google and Apple have clear instructions about the vetting that an app needs to go through before being introduced for the Indian market. Both Google and Apple, the dominant players with app ecosystems have their own protocols before they give permission for an app to be introduced and they take into account national laws before introducing them. The government also needs to ensure that players like Xiaomi who have been allowed to manufacture and sell handsets in the country do not pre-load apps (like the UC Browser or DU battery saver) without permission from authorities when they sell their devices.
But the allowing or banning of apps should be done based on a proper set of data protection and national security rules – and not as a knee-jerk response. That would be a mature response from a mature government.(Prosenjit Datta is former editor of Business Today and Businessworld magazines and is founder and editor of Prosaicview.com)