Few days ago, the Indian government banned 59 mobile apps originating with developers from China and also asked internet service providers (ISPs) and telecom operators to block access to these apps from the country. The Indian government says it received complaints against these apps for stealing and surreptitiously transmitting users' data in an unauthorised manner to servers which have locations outside India.
The statement from the ministry of electronics and information technology (MeitY) states: "The compilation of these data, their mining and profiling by elements hostile to national security and defence of India, which ultimately impinges upon the sovereignty and integrity of India, is a matter of very deep and immediate concern which requires emergency measures."
The apps banned include TikTok, WeChat and UC Browser and Xiaomi's Mi Community, among others.
However, banning these 59 most prominent apps does not ensure that all your personal data is safe and that there is no invasion on your privacy. On the contrary, almost every app installed on the mobile device demands some or the other permission and access to personal data.
Some permissions are necessary, such as a bank's authentic app may need access to your personal information to ascertain that it is indeed you who is accessing the app. However, as security experts have been pointing out, most apps installed on the device try getting permission for some totally irrelevant function or feature of the handset.
As I had explained in one of my articles last year
, that a simple app like a flashlight (not many uses it due to built-in torch feature of smartphones) was found seeking as many as 25 permissions, on an average.
Any mobile app seeking more permissions than it needs is not only dangerous, but has the potential to harm the user either financially or through misusing personal data, thus violating user privacy. However, not many users even think twice before granting blanket permissions while installing an app.
One of the common reasons I have come across from such users is "I have nothing to hide so why should I not grant these permissions?" Such 'lazy' reasoning shows the lack of understanding of the interconnected and greedy digital world that observes no boundaries.
Apps can request outlandish permissions, but that does not mean that they carry out malicious activities, per se. Unfortunately, permission sought by mobile apps and granted by users is a grey area. Some apps that the user wants will not be installed if even a single permission is denied or some app may not work properly without those permissions. For example, the recently banned SHAREit app does not work without the user granting permission to access location data or contact list on the device. If you are transferring data locally from one device to other, why would you need to access location information and contacts?
Here is a small clarification. The app developer may not even require all the permissions sought by the app. Sometimes, the app developers integrate ad software development kits (SDKs) into their code to earn money from advertisers. To allow these SDKs to target users with ads, the apps request countless permissions.
The Arrka Privacy Lab from Arrka Infosec Pvt Ltd has explained the relation between app developer, SDK, increasing number of permissions required for an app to function and the risks it pose to user’s privacy.
So far so good. However, in India, and anywhere across the world, people are not only using Chinese apps, they are using mobile devices too from brands with origin in that country. And many of these Chinese phones come bundled with pre-installed apps (known as bloatware) that cannot be uninstalled. At the most, the user can disable the app.
But do remember, this is the same case with almost all the mobile phones sold. So either you will have to live with these pre-installed apps or disable them, irrespective of the mobile brand.
Since the Indian government has banned 59 apps that come from developers in China, once these apps are removed from app stores, there will be no updates or upgrades. In addition, once ISPs and telcos block access to internet protocol (IP) addresses to these apps, the user will have no option but to stop using them.
The question now is, how about other apps installed on your mobile device, its security and permissions? If you are using iPhone, then under privacy in the settings, you can check and decide allowing an app to access any particular service or feature.
On Android phones, dangerous permissions sought by apps are categorised into nine groups. This includes, body sensors, calendar, camera, contacts, location, microphone, phone, SMS and storage. You need to go to privacy or permission from the settings. Do a thorough and proper check here and find out if that particular app indeed needs access to the group.
As I stated earlier, the flashlight app does not need access to your body sensors, calendar, contacts, location, microphone, phone, SMS or even storage. So, you can safely deny these permissions. If the app works without these permissions, well and good. If it does not, then simply uninstall it as it would be dangerous for you and your personal data.
Mainly, do check the phone access sought by all apps. Permission for phone gives an app access to your phone number, cell network information, call status, voicemail, VoIP, and allows it to read and edit calling logs, and even redirect calls to another number. Any malicious app, if given this permission, could spy on your phone usage behaviour and even make calls without your knowledge or approval.
So What Should You Do?
1. Before installing any mobile app, make it a habit to read about the app, and its reviews. Notice if reviewers’ comment on whether or not the app does what it says it will do.
2. Check permissions that the app needs. Granting incorrect permissions can send sensitive data to cybercriminals, including information such as contacts stored on the device, media files and insights into personal chats.
3. Do read the privacy policies and terms and conditions of the app, as mentioned by the developer.
4. Find out more details of the developer from the play store. Also visit the website of the developer and search for more information about the app and its developer.
5. Install a trustworthy anti-virus app, which acts as a safety net, and can identify apps that are infected with adware or malware.
6. Feel like a royal while using your mobile, but be extra alert while granting permission to any app.
7. Be alert and cautious every time you use your mobile devices. It will save your personal data and privacy.