India’s Smartphone Security Shake-Up: Testing and Tackling Pre-installed Apps
As per a government document and two anonymous sources cited by Reuters, India proposes new security regulations requiring smartphone manufacturers to delete pre-installed apps and ensure screening of significant operating system updates.
The details of the new regulations, which have yet to be disclosed, may cause delays in smartphone releases in India, the world’s second-largest smartphone market. It could also result in revenue losses for Samsung, Xiaomi, Vivo, Apple, and other players due to removing pre-installed apps.
We want to ensure that pre-installed apps do not become a weak point in the security of our country and that foreign nations, including China, do not take advantage of them. This is a matter of national security,” said the official.
India has increased its examination of Chinese businesses since the border conflict with China in 2020 and banned more than 300 Chinese apps, including TikTok. Furthermore, it has intensified the scrutiny of Chinese firms’ investments.
Many countries worldwide have implemented limitations on technology usage from Chinese companies such as Huawei and Hikvision, citing apprehensions that Beijing could utilize them to conduct surveillance on foreign nationals. China has dismissed these accusations.
Currently, most smartphones are sold with pre-installed applications that cannot be removed, including Xiaomi’s GetApps app store, Samsung’s Samsung Pay mini payment app, and Apple’s Safari browser.
As per two individuals who are privy to the plan, smartphone manufacturers are obligated to offer an option to uninstall pre-installed apps under the proposed regulations. Additionally, a laboratory authorized by the Bureau of Indian Standards agency will examine new models for compliance.
One of the individuals said, “the government is contemplating a requirement for conducting a thorough examination of all significant operating system updates before their release to consumers.”
According to a confidential government document of an IT ministry meeting held on February 8 and seen by Reuters, many smartphones utilized in India have pre-installed apps/bloatware, creating significant privacy and information security concerns.
According to the meeting record, the confidential meeting was attended by representatives from prominent smartphone manufacturers such as Xiaomi, Samsung, Apple, and Vivo.
The document further revealed that the government had provided a one-year timeline for smartphone makers to comply with the regulations once the rules become effective. However, the exact implementation date has yet to be determined.
Despite Reuters’ request for comment, India’s IT ministry and the companies involved did not respond.
According to Counterpoint data, China-based companies like Xiaomi and BBK Electronics’ Vivo and Oppo command nearly 50% of India’s rapidly growing smartphone market. Based in South Korea, Samsung has a 20% share, while Apple holds only 3%.
Although European Union regulations mandate the capability to delete pre-installed applications, it does not have a mechanism for verifying compliance, as India is contemplating.
An industry executive contended that certain pre-installed applications, such as the camera, are vital for the user experience and that the government should differentiate between essential and non-essential apps when implementing screening rules.
ESOF AppSec carries out the verification of significant operating system updates.
ESOF AppSec from TAC Security offers extensive testing of your applications across diverse environments and helps you identify vulnerabilities in your web and mobile assets. The following are some of the capabilities of ESOF AppSec:
- Identifies the SANS Top 25 and OWASP Top 10 vulnerabilities and ensures that our applications undergo vulnerability assessment throughout the DevSecOps cycle to eliminate shortcomings.
- ESOF AppSec accurately detects the most crucial vulnerable assets and vulnerabilities. The Cyber Risk Score is a distinctive characteristic of ESOF, elevating your IT stack’s security posture and saving valuable time.
- The exhaustive routine scans the complete source code of your mobile application and detects potential security and privacy concerns.
- The ESOF Scanners conduct Blue Box and Black Box tests by eliminating false positives and providing precise results.
The recently introduced ESOF Prediction feature by TAC Security utilizes past trends and patched vulnerabilities to anticipate potential vulnerabilities and rate them based on severity.
To know more about ESOF AppSec, Download ESOF AppSec Datasheet Now!