A Singapore-based cyber firm has recently alerted that Indian companies, banks and even ministries can be the major targets of Chinese hackers. The official site of Indian Railways also came under cyber-attack recently. A number of Indian citizens received mails incorporating fake links offering free Covid tests and users are now asked not to open attachments in unsolicited mails. The Indian ban on various Chinese apps can be seen as a response to such cyber-attacks following the Galwan clash and was implemented through restricting access to content based on the user’s IP address.
The companies, which owned these apps have claimed that the Chinese government has never requested to get data of their Indian users. They have also declared that their data storage is not located in Beijing and that they are also planning to establish a data centre in India.
However, it is a well-known notion that these apps were violating cyber privacy. A new Apple iOS 14 beta privacy feature revealed that TikTok was furtively spying on users’ clipboards. Many other popular apps were also identified to do similar things. Additionally, TikTok was accused of promoting obscene content. However, if digital sovereignty is the reason to block China based apps, then what is the policy for other apps that are not based in China yet are spying on users’ data? Additionally, why did India not block these apps when the phishing was first reported?
Analysts are identifying this ban as a digital or a cyber response following the Galwan Valley clash between India and China. New Delhi is now not in a position to completely stall its trade with Beijing but wanted to give a strong reaction. However, this ban is not at all an answer to cyber-attacks. It is only an interim digital block to China.
Threats in other apps
Apple recently revealed that even Microsoft owned LinkedIn is copying from clipboards. Social media sites like Facebook and Instagram were exposed in data-theft scandals, back in 2019. Popular video calling apps like Zoom were also pulled up for having security flaws. Even Google came under enquiry for its privacy and advertising policies. A France based ethical hacker has recently revealed that the Indian ‘Aarogya Setu’ app has a poor data security policy. The alternatives of the banned Chinese apps do not ensure complete data security. It is also possible to easily hack the Indian apps that are emerging after the ban.
‘The Personal Data Protection Bill, 2019’ was introduced in the Indian Parliament to ensure ‘accountability of data fiduciary’, ‘restriction on retention of personal data’ and other related issues. However, no significant government action has been noticed against these above-mentioned apps - many of which are American in origin.
Chinese investments in Indian apps
Banning China based apps can partially restrict data phishing. But many major Indian apps are financially backed by Chinese companies like Alibaba and Tencent. The 18 Indian unicorns are also heavily dependent on Chinese investments. Compositely, these unicorns have around $3,500 million of Chinese investments. Utilising this leverage, Chinese systems can try to hack personal data through the available Indian apps.
Chinese investment in the Indian technology sector was more than $8 billion from 2018 to 2020. During 2019, Chinese tech giants invested in about 19 projects from the IT and electronics sector in India. Tencent invested around $115 million in an Indian Times Media owned music streaming app. After Chrome, UC Browser is the second most used browser in India - having 17.09% of the market share. TikTok recently donated `30 crore to the PM Care Fund. Diplomatically, the decision to ban these apps might have significant rationale but it also poses a considerable risk to the Indian start-up ecosystem and investment possibilities.
China has banned several foreign apps itself. The country has the most comprehensive internet regulations known as the Great Firewall of China. They have constrained access to their own interface for maintaining digital sovereignty. China has previously banned Facebook, WhatsApp, Twitter and YouTube. Many global powers have criticised China for this policy and many analysts feel that this should be avoided in other countries as well.
India had its first Cyber Security Policy drafted in 2013. It needs upgradation to deal with the changing nature of cyber-crimes which have evolved with emerging technological innovations.
How to secure?
India’s cyber security net has exposed several serious security flaws. The Aadhaar card related security issue in 2018, the State Bank of India’s server security threat in 2019 and the malware attack in the IT server of Tamil Nadu’s Kudankulam Nuclear Power Plant in 2019 are some of the major examples. During the nationwide lockdown in India, digital phishing has increased by 200 times.
Debashish Chatterjee, Senior Vice President - Digital Experience, ITC InfoTech, told BE, “Data security is a large scale and in-depth discussion. During the lockdown, the number of work from home cases has increased leading to a vast scope of digital data violation. Dependency on digital solutions is also increasing. The digital part of data security is crucial at this point of time. Measures are needed to be taken from the governmental end to combat this. The important part is that our existing Cyber Security Policy now needs to be revisited and retuned.”
Banning China-based apps will initially reduce the number of phishing being organised from China but users will have to remain conscious before sharing any personal data through the internet.