As we slowly resume churning the wheels of our economy again, there is a growing chorus to replace China-made products with those made in India. A nationwide survey by Network18, which had over 31,000 participants, showed that over 90 percent of people would prefer an Indian product over Chinese counterparts. While it is a noble sentiment, and you should buy the lock made in Aligarh over the one imported from Shanghai, implementing it online requires due diligence from all quarters. This trend has perhaps been most visible on social media and in the tech space. The Remove China Apps app was designed to feed off this new-found sentiment, and the app promised to find any Chinese apps on a user's phone and uninstall it for them. No one really cared about data privacy. That is before Google took it down from the Play Store for Android phones, because it violated more than one guideline.
Case in point is an incident from 2016, where an Indian government-backed researcher discovered that three apps, which claimed to offer ‘patriotic’ news related to the defence services, were actually data-stealing malware. The three apps – Indian Sena News, Bharatiya Sena News and India Defense News (IDN), were available for download till early-2016. While they claimed to curate news pertaining to the Indian military, the underlying app infrastructure hosted Remote Access Trojans (RATs), a commonly used type of malware that steal data and even control your device activity from a remote server.
Before being taken down, IDN’s page on Facebook had over 1,200 likes from users with direct connections to the Indian Army. Among infiltrations that the apps could do were SMS theft, unauthorised video and call recording, and background uploading of device files and screenshots. Using them, Pakistan's ISI was able to take over more than 40,000 Indian devices, and in turn, sensitive data linked to individuals in critical roles.
Have you Also read?
Fast forward to the past 2 years, and over 5 million social media users learnt it the hard way that their love for ‘swadeshi’ had made them download an app whose source code was, ironically, written by a Pakistani coder. Mitron, which was attempting to tap into both the ‘vocal for local’ and the anti-TikTok narratives, had actually bought the entire source code and implemented all features and even the user interface from a Pakisatani software developer, Qboxus. All they did was stick their own logo and claim that they made the app from scratch.
Around the same time, another app began trending on Google’s Play Store. Remove China Apps, which did exactly what its name suggested, cashed in on the anti-China trend as well. Soon, Twitter was full of screenshots where people flaunted all the ‘Chinese’ apps that they proudly deleted. Pity, that very few paused to think of app permissions they were giving away in exchange for a fleeting notion of patriotic pride.
Have you Also read?
Some of the information that the app collected included ‘the number of clicks on the app feature’, full identification of what network you were on, and detailed information about other apps installed on the phone. While it claimed to collect user data to ‘improve’ features, the developers disclosed no details on where user data was stored, and there was no redressal clause in case of a data breach. Essentially, it had all the information about everything that you had on your phone, and you had no clue on how this data was going to be used.
Naturally, it was only a matter of time before it came under Google’s microscope. Its ban from the Play Store expectedly caused furore against the company, but Google was only abiding by its policies. Sameer Samat, vice president of Android and Google Play, said that when apps are allowed to specifically target other apps, it can lead to behaviour that Google believes is detrimental towards both its developers and consumers. "This is a longstanding rule, designed to ensure a healthy, competitive environment where developers can succeed based upon design and innovation. We have enforced this policy against other apps in many countries consistently in the past, just as we did here," he said.
Have you Also read?
What every smartphone user needs to understand today is, if your data falls in the wrong hands, it can substantially damage you. It is not even about potentially compromising pictures – access to your messages can let an attacker get your financial credentials (in a technique known as ‘fingerprinting’), and subsequently dupe you with spam calls and ransomware emails. From contacts to IDs, what happens once all this data falls in the wrong hands?
Many such breaches happen in emotional moments, such as bouts of patriotism. Reports have cited up to 667 percent increase in the frequency of cyber attacks in light of the Covid-19 pandemic. As we tried to read more about the virus, many found simple ways to hide malware inside unassuming PDFs which you thought gave news and insights, but were actually executable trackers that created a bridge between your data and remote servers.
Have you Also read?
Such emotional nationalists are the favourite targets of every PSYOPs (psychological operations). Numerous attacks on rival defence establishments have been made using nationalistic messaging, and the technique isn’t new. It is this that further emphasises the need to remain careful, when downloading apps that want a bit too much of your data. Thankfully, Mitron and Remove China Apps were not known cases of malware or RATs, but that does not guarantee that a similar future app would not be directly harmful.
The next time you see a social media wave promoting any little known app which promises something over the top, think twice. Do not give permission without reading terms and conditions thoroughly. Remember, one emotional moment can wipe out your identity or your bank balance. At worst, such apps can do both.