Govt Asks Chinese Phone Makers to Heighten Data Security Measures
Non-Chinese phone makers & Indian players are also among companies that have been sent the notice by IT Ministry.
Wary of hacking and stealing of information from smartphones, the government has sent notices to Chinese and other device makers to provide the framework and procedures followed for data security.
As many as 21 phone makers, including leading Chinese brands Vivo, Oppo, Xiaomi and Gionee, have been asked to give "detailed, structured written response" on how they secure data and ensure its safety, a government order said.
The directive comes amid the stand-off between India and China over Doklam, as also the rising concerns over imports of Chinese IT and telecom products. According to an estimate, mobile phone imports stood at 3.7 billion dollars in 2016-17.
The directive follows fears of hacking of information on mobile phones. Notably, many Chinese manufacturers have their servers in China.
Non-Chinese phone makers such as Apple, Samsung, BlackBerry and Indian players like Micromax are also among the companies that have been sent the notice by the Ministry of Electronics and Information Technology.
"The ministry has given time till August 28 to all companies to furnish their responses," a senior IT Ministry official said.
He referred to international and domestic reports on data leaks from mobile phones and said that in the first phase, devices along with pre-loaded software and apps will come under scrutiny.
Based on response of the companies, the ministry will initiate verification and audit of devices wherever required.
It has also warned of penalties under provisions of IT Act 43 (A) in case stipulated processes are not followed.
Any device sold in the country should be compliant with global security standards. If companies fail to comply, further action will be taken. The Act provides for penalties depending on the offences. In certain cases, the failure to take measures can lead to a Rs 5 crore penalty.IT Ministry official
The official said the objective of the exercise is to ensure required data security measures are being taken with regard to hardware and software in mobile phones.
The IT ministry order, dated 12 August, asked the companies to "provide a detailed, structured written response about the safety and security practices, architecture, frameworks, guidelines and standards, etc followed and implemented in your product and services, provided in the country.”
It said there is a need to "ensure the security and safety" of the devices and they should provide "secure transmission and storage of data".
The security of the mobile devices must address all layers, including security for hardware, operating system and application, securing network communications, encryption standards used and the like. Also, the updating of operating system, firmware and application must be done in a secure manner.IT Ministry order
The government wants the phone manufacturers to develop layered security measures that can guard against any unauthorised access.
According to the government, mobile phones particularly smartphones are playing a crucial role in achieving the goals of Digital India and have achieved a penetration of 65-75 percent.
IT Minister Ravi Shankar Prasad had called a meeting of senior officials in the department as well as representatives of Cert-In and others on 14 August to take stock of the situation.
When contacted, Indian Cellular Association (ICA) National President Pankaj Mohindroo said that while there can be no argument on the need to have secure communication and protection of data, the issue needs to be viewed in its entirety.
Different levels of consumer verticals need different levels of security, commensurate with the degree of risk. We need to move towards an ecosystem fostering innovation and creativity in the development of mobile applications, services and transactions etc.Pankaj Mohindroo, ICA National President
The mobile handset industry is "deeply cognizant" of the security requirements of the nation, said ICA, which is a body of mobile handset companies operating in India.
(This article has been edited for length)
(The Quint is available on Telegram. For handpicked stories every day, subscribe to us on Telegram)
Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.