“When there is no enemy within, the enemies outside cannot hurt you.” - Winston S. Churchill
Evolution of Warfare:
Since the First World War, the face of warfare has been evolving dramatically. In the First World War, soldiers were busy digging trenches and dragging themselves through muddy water, while in the Second, atom bombs made their noise heard. The subsequent wars brought to the fore long-range Intercontinental Ballistic Missiles (ICBMs) and ultimately drones. And today we face an entirely different kind of battlefield – the digital one.
Over the course of time, war has become more and more abstract. Today wars are no longer fought as close-quarter battles, but rather from a distance – a soldier in California can command a drone strike in Iran, while a hacker in the Hubei province of China can execute malicious code on a target located thousands of miles away.
Fighting a physical war is a very costly affair and requires incredible logistics and supply chain management at the highest level. Cyber warfare, on the other hand, is cheap, individual personal risk is minimal, and it’s possible to conduct a cyber attack without the victims knowing (or at least being able to prove) who their attackers are.
Thus, cyber warfare is brutal, anonymous and profitable. These attacks raise few to no eyebrows compared to open transgression of international borders. A nuclear reactor meltdown, sabotage of a weapon system, failure of electricity grids etc. can cause substantial and significant fatalities and can cripple a nation into submission. Therefore, countries like China have sharpened their cyber capabilities and are using them to the fullest.
From the territorial disputes with Vietnam and the Philippines in the South China Sea to tensions with Myanmar and Thailand, relationships with China have soured. And India is no exception. International border areas that were earlier considered mutually agreed upon and settled have brazenly been claimed by the Republic of China in complete violation of all international norms. In fact, China has been trying to bully almost all its neighbors simultaneously.
To bully its neighbors, China is now regularly employing cyber attacks in a clandestine manner. It’s no wonder that Australia faced a barrage of well-coordinated cyber attacks! And the Australian government has learnt its lesson well: its Prime Minister Scott Morrison announced that $1.35 billion in existing defense funding would be spent over the next decade to boost the cyber-security capabilities of the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC).
The Hidden Weapon – Mobile Applications:
To execute perfect cyber attacks, the more information there is about the adversary, the better. And this is where mobile applications come into the picture. Before delving deeper, let’s cover the basics of mobile applications first.
Most mobile applications employ a client-server architecture. The client runs on the device’s operating system, which is usually iOS or Android. The user downloads the client onto a personal device from app distribution platforms like the Play Store and the App Store. From the user’s point of view, the installed client is the mobile application. This is what the user interacts with to create content, make purchases, read emails etc. But there is another component – the server, which is hosted by the developer.
Often this role is performed by the same software responsible for generating and processing the content on the site. In other words, most often the server-side component is a web application that interacts with the mobile client by means of APIs (Application Programming Interfaces). Thus, in reality the server is the more important component, where information is stored and processed. It is also responsible for synchronization of user data between different devices.
The overwhelming majority of these applications are closed source, i.e., the source code is hidden from public purview. Therefore, these apps may surreptitiously transmit users’ data in an unauthorized manner to their servers.
Abuse of Mobile Applications – Explained:
Most of these Chinese apps don’t clearly state what information gets collected from users and how the company shares that information once it’s harvested. As expected, how the data may be used is also deliberately left ambiguous.
Most of these Chinese apps collect information far beyond what users provide during the registration/sign-up stage. For example, they also collect information from third-party social network providers, as well as technical and behavioral information based on the use of the platform. Some apps also collect information contained in the messages sent through the platform and information from the user’s phone book, if access to it is granted. Thus, the data harvested includes data taken from various social media sources like Facebook, Twitter or Instagram if an account holder chooses to link the Chinese app with other platforms. In fact, apps like TikTok even allegedly gather biometric data of their users from TikTok videos!
This raises serious concern, because many of these apps have close links with the People’s Liberation Army or the Chinese government. Worse, even if these apps don’t have clear links with the army or government, they can still be arm-twisted by the authoritarian Communist regime into parting with sensitive user information.
For these reasons, Chinese apps have frequently found themselves embroiled in controversies around the world. Just last year, the popular Chinese-based video sharing platform TikTok was sued in the USA for illegally stealing information from users and sending it to China, where the app’s parent company ByteDance is situated. Reports by the intelligence agencies of several nations have red-flagged these Chinese apps over user safety and privacy issues.
Invoking Section 69 of IT Act:
Given the current geo-political situation and digital warfare looming large, these apps pose a very real threat to the sovereignty and integrity of India. India has rightly invoked Section 69 A of the Information Technology Act, read with the relevant provisions of the Information Technology (Procedure and Safeguards for Blocking of Access of Information by Public) Rules 2009, to block these Chinese apps.
Section 69 A of IT Act: Power to issue directions for blocking for public access of any information through any computer resource -
(1) Where the Central Government or any of its officer specially authorized by it in this behalf is satisfied that it is necessary or expedient so to do, in the interest of sovereignty and integrity of India, defense of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above, it may subject to the provisions of sub-section (2) for reasons to be recorded in writing, by order, direct any agency of the Government or intermediary to block for access by the public or cause to be blocked for access by the public any information generated, transmitted, received, stored or hosted in any computer resource.
These apps in all probability have been illegally and secretly harvesting vast amounts of personally identifiable user information and sending it to China. The data gathered by these apps can be used to identify, profile and track users in India, which raises serious privacy and security concerns for 130+ crore Indian users.
Therefore, these mobile applications must come clean, with clearly stated data collection, sharing and usage rights. Besides, they must comply with all the laws of the land, including the creation of data servers in India. Until these apps exhibit complete transparency in their operations, they pose a grave threat to the defenses of India, and must not be allowed to operate in the Indian cyber space.