Context :
Government to implement mobile privacy and security initiative: Rajesh
Pant /
ET / 11 Dec 2021
Extract :
The Centre is implementing an ambitious program for mobile privacy and
security which would alert
citizens to the vulnerabilities present in their mobile phones and applications
installed on it, National Cyber
Security Coordinator, Lt General ( Retd ) Rajesh Pant said
( ncsc@gov.in )
“ We are also implementing a project called ICAPS. That is the Indian Citizen Assistance for Mobile Privacy and
Security
It is a project where the objective is to build an integrated server
system which can collate all the mobile security-related information
and provide customized and
actionable knowledge to individual Indian citizens to secure their
mobile devices and data on those devices “, Pant said at the Indian Mobile Congress ( IMC ) 2021
The new system
would verify the handset model and the
applications installed on it and send a message to alert about vulnerabilities if
any, while the relevant information would be provided to citizens in their native
language, or the language that they understand
The
solution should not only inform but also answer
questions in a manner that users can understand , Pant said, adding
queries such as on mitigating vulnerabilities, and relevant Government
advisories, would be addressed
With consumer IoT now entering the
workspaces, Pant said that vulnerabilities represent significant potential
risks for individuals and organizations of all kinds
“ We are going down to the semiconductor level, the
silicon level and see where the chips are coming from,
and what is the importance of those chips in that particular product and then
only we are certifying that it is a trusted product “, Pant added
On June 15, this year, the government launched an
online mechanism and mandated any equipment connected to the National Telecom
Network, must have trusted products from a trusted source
MY COMMENTS :
Ø This is indeed, very good news. I hope, Govt will require all mobile
phone manufacturers, to pre-install ICAPS software, before a device leaves
factory gate
Ø Then there is the question of hundreds of APPS which come pre-installed
with a smartphone - AND - which the user, simply cannot UNINSTALL ! This must
not be permitted. User should be able to UNINSTALL any app that he does not
need
Ø Apart from the mobile phone manufacturers, even Mobile Service Providers
( MSP ), install apps from time to time, without explicit permission of the
users. This too must be prohibited
Ø Most smart-phone users access web portals from their mobiles ( rarely
from tablet – PC ) and download apps. Most of these “ steal “ user data . A
vague – and long – “ TERMS “ statement is required to be “ I ACCEPT “ click .
Can Govt send a “ VULNERABILITY WARNING “ ( to person downloading ), within minutes of
download ? And suggest “ Action “ ?
Ø As it happened recently in case of PM’s Twitter account getting hacked
for posting a FAKE news, can ICAPS immediately alert all mobile phone owners
about such incidences ?
Ø Currently, mobile App developers upload their apps on Google Store or
Apple Store . Users download from these stores . Can Govt develop a “
VULNERABILITY SCORE “ ( on a scale of 1
> 10 ) and assign such a score to each and every App ? – and “ mandate “ that Google / Apple Stores display these
scores against each app ?
Ø How do ICAPS expect to catch those “ NO CLICK “ spying soft-wares ( like
what PEGASUS recently launched ) ?
Ø It is hoped that “ access “ to ALL the smart-phones in the country ( 1
BILLION ? ), by Central Government’s “integrated server system “, would not lead
to the Central Government , snooping and listening / recording, everything a user
is doing with his Apps !
Ø On the UPSIDE, such “ integrated server system
“ with dynamic / up-to-date, database of ALL the mobile phones ( including
Feature Phones where too, some APPS are about to start working ), would greatly
facilitate implementation of :
# Monetizing
of Personal Data by data-owners
# Every
citizen’s Health Records
With Regards,
Hemen Parekh / hcp@RecruitGuru.com / 14 Dec 2021