118 apps with connections to China, including the famous online game PUBG, have been banned by the Ministry of Electronics and Information Technology (MEITY), Govt. Of India. The apps have been banned citing data privacy and cybersecurity concerns after geopolitical tensions continued to rise between the two nations along the disputed border in eastern Ladakh.
The apps that have been banned according to the recent government order include business collaboration tool WeChat Work, search engine Baidu, a VPN for TikTok, video hosting service Youko, cloud storage agent Weiyun and most notably the online multiplayer game PlayerUnknown's Battlegrounds (PUBG).
In India, PUBG is distributed and published by the Chinese tech giant Tencent. Apparently, PUBG had more than 40 million active monthly users in India, which accounted for more than one-fourth of the game's lifetime installs.
India’s Statement on the Ban
Last Wednesday the Ministry of Electronics and Information Technology (MEITY) issued a statement banning the 118 apps. In the statement, the government raised concerns regarding information security and reported that those apps were engaged in activities which can be regarded as "prejudicial to sovereignty and integrity of India’s defence and security of the state and public order".
The ministry raised serious questions on the security and data localization policy of these apps and noted that it has been receiving "many complaints from various sources including several reports about the misuse of some mobile apps available on Android and iOS platforms for stealing and surreptitiously transmitting users’ data in an unauthorized manner to servers which have locations outside India".
The statement also highlighted how the compilation, mining and profiling of sensitive user data by these notorious apps which can be "hostile to national security and defence of India," is a matter of serious concern and requires immediate action.
"This move will safeguard the interests of crores of Indian mobile and internet users. This decision is a targeted move to ensure safety, security and sovereignty of Indian cyberspace," the statement further added.
How TikTok and Other Apps are Stealing Your Data?
As the publicity of many Chinese apps like TikTok increased, the several security concerns related to these apps started to come into light as well. These Chinese apps are obliged under the Chinese law "To support and cooperate with intelligence work controlled by the Chinese Communist Party". Accordingly, they capture sensitive user data and use it in ways that are deemed illegal and against the established security standards of countries like India.
Here is how some famous apps were stealing your data:
TikTok uses HTTP instead of HTTPS to transfer its media files. The major difference between these two is that while HTTPS uses encryption to secure file transfer, HTTP doesn’t. So, user files become sensitive to thefts. TikTok also captures usernames, phone numbers and location data of users.
Shein had potential malware deployed on its corporate servers by malicious hackers and this led to the compromise of user email addresses and encrypted password data. Data of millions of its customers was stolen in this manner.
Similar to TikTok, UC Browser downloads its updates via a direct HTTP connection instead of official app stores and thereby introduces the risk of third parties intercepting and stealing the data in transit.
On several occasions, this app has been accused of asking for unnecessary permissions and committing ad-fraud in order to steal sensitive user information. Its Clean Master app was found to steal browsing information from millions of Android users worldwide.
Apps like Helo ask for camera and microphone access even though they don’t need it for their functionality. The app is known to alter its security controls in order to sniff on user information it doesn’t need.
PUBG is notoriously known to steal iOS users’ saved clipboard data which might contain saved usernames and passwords. The app is also known to transmit user information to unknown server locations across the globe.
Latest updates from PUBG
PUBG Corporation is actively monitoring the situation around the recent bans of PUBG Mobile Nordic Map: Livik and PUBG Mobile lite in India. It has seen an enormous amount of support from the player base in the country for the game and wishes to thank the group for their passion and enthusiasm.
PUBG Corporation fully recognizes and accepts the steps taken by the government as the safety, and protection of player information is the organization's main concern. It hopes to work inseparably with the Indian government to discover a solution that will allow gamers to actually drop into the battlefield while fully agreeing with Indian laws and guidelines.
Considering ongoing turns of events, PUBG Corporation has chosen to no longer authorize the PUBG Mobile Franchise to Tencent Games in India. Pushing ahead, PUBG Corporation will take on all distributing obligations inside the nation. As the organization investigates approaches to give its own PUBG experience to India soon, it is focused on doing by localizing the gameplay environment for its fans.
The organization is investigating various approaches to connect with its locale in India through different area based exercises, including esports and network occasions.
How Banning of These Apps is Revolutionizing India’s Security Ecosystem?
One security review commissioned by a leading news agency found out that leading Chinese apps transfer user data to certain outsider parties and around 69% of the data was being transferred to countries like the US and China.
The way these organizations were treating user information and breaching the policies of data localization, it was necessary for the government to intervene and take necessary steps to protect national security and safeguard the security ecosystem. Digital businesses will certainly learn a valuable lesson from this step and align their security policies with the stringent regulations set forth by the government.
The Indian government is also pushing the multinational mobile handset makers to strengthen their data security measures and shift their user data to servers located in India only. The leading smartphone sellers in India, including Xiaomi, OnePlus and Vivo, said that they are already working on transferring their databases to servers in India.
Talking about data localization, Appknox is renowned to offer data localization as a service to businesses around the world.
Appknox's data localization platform is compliant with HIPAA, OWASP, PCI-DSS, SOC 2 and other leading compliance standards and more than 250 leading enterprises from more than 15 countries trust its services.
Look Into Data Localization Policy By India
Data privacy is a fundamental right in India. The concerned organizations are required by the law to store at least one copy of acquired user data on Indian servers and maintain the policy of data localization. Public Record Act of 1993 was one of the first regulations which brought the requirement of local storage of data and restricted the transfer of public data outside India.
India’s government and its central bank (RBI) have also come up with guidelines on data security, data backup and restoration, application architecture and access management in order to maintain the sanctity of user information. Some major laws and guidelines related to privacy and data protection in India include:
Indian Penal Code (IPC), 1860:
Norms related to cyber frauds and identity thefts are included in the Indian Penal Code (IPC) 1860 which is generally invoked along with the IT Act of 2000.
IT Act, 2000:
This is the primary law in the country regarding cybersecurity and legal eCommerce business in India.
Personal Data Protection Bill, 2018:
The bill proposes provisions for taking stringent action regarding the illicit collection and misuse of sensitive user information of Indian citizens by business firms.
The Indian government has set a serious example for organizations all over the world and it has become evident now that they have to make radical changes in order to secure user information. Businesses now need to adopt a comprehensive approach to address the pertinent data localization and data security regulations and stay compliant with the existing laws and work on the principles of transparency and trust.