News, insights and resources for data protection, privacy and cyber security leaders

Indian Government Mandates Cyber Security Standards for Phone Makers

With the coming of the Digital Age, the world has become globalized. Business people can run their companies on a global scale from the comfort of their offices. People can order goods from halfway around the world. And more dangerously, lax cyber security standards by phone makers has exposed more people to cyber security risks, according to the Indian Ministry of Electronics and IT.

 

Phone makers pose cyber security risks

Every time a smartphone user downloads and uses an application, they release their information to third parties such as Facebook and Google. A study by IMDEA Networks Institute of Spain showed that about 70% of all apps that run on smartphones report their users’ information to third party services. The data that phone makers release to these companies go beyond simple habitual use. It could include everything from financial information and personal details to biometrics and location data. “This violates data privacy for all phone users,” said Rajiv Mehrishi, the former Union Home Secretary when speaking to a parliamentary panel on July 21st. Mehrishi’s report also noted that the information smart phone users shared also made them liable to hacking by security agencies like the U.S. Central Intelligence Agency.

This is not the first time that security industry experts have questioned the security risks posed by phone makers and allegedly unscrupulous security agencies. A few months back, a data dump by WikiLeaks hinted at massive hacking by the CIA. According to the leaks, the security agency exploited insecure networks and operating system weaknesses in Google’s Android and Apple’s iOS to access users’ data illegally.

 

Cyber security standards for phone makers

Increasing cyber security risks in India have led the government to demand that all phone makers report their hardware, software and network security measures to the Ministry of Electronics and IT by August 28th. The companies have to comply with the cyber security standards based on recommendations from the RBI and the Department of Telecom and guided by the IT Act. The mandate is expected to encourage cyber security standardization across the entire Indian digital platform, which is valued at over $500 million and according to the Union Minister for Electronics and IT Ravi Shankar, grow to over $1 trillion by 2022.

As the mandate takes effect, smartphone companies operating in India will have to report and if necessary improve their cyber security standards. Over 30 smartphone manufacturers will be affected by the directive including global players like Apple and Samsung, firms from the neighboring Chinese territory including Oppo, Vivo and OnePlus as well as home-grown phone makers like Micromax and Lava. Minister Shankar affirmed that all these phone makers ‘must be compliant’ with the directive. It is not clear what the penalties for defying the mandate will be.

 

India’s digital economy needs cyber security standards

Stringent policies to improve security on India’s digital economy will not only affect the phone manufacturing sector. According to the report by the Ministry for Electronics and IT, even banks will be required to tighten their security measures and get cyber security auditors.

As technology becomes more sophisticated and hackers gain more skills, security measures like these might just be the only way to keep consumers safe from privacy violations and illicit data use.

 

 

Scott Ikeda

Asia Correspondent at CPO Magazine
Scott Ikeda is a technology futurist and blogger for more than 15 years. He travels extensively throughout Asia and writes about the impact of technology on the communities he visits. Over the last 5 years, Scott has grown increasingly focused on the future landscape of big data, surveillance, cybersecurity and the right to privacy.

Leave A Reply

Your email address will not be published.

Subscribe and Get 50% Off 6-Hour Workshop Video

PIAs and the ISACA Privacy Principles: Effective Tools to Identify and Mitigate Security and Privacy Risks

Thanks for subscribing!

Pin It on Pinterest

Share This