UIDAI number landed in your contact list because of Google

Google owns up to its mistake, but raises concern about Aadhaar ecosystem

Aadhaar

As social media went abuzz with fears of how the Aadhaar helpline number could enter the contact list of users’ cellphones without their consent , Google issued a statement late Thursday night that said it was their mistake on automatic entry of UIDAI numbers. 

However, cyber security experts blamed India’s sloppy handling of its data privacy and cyber security issues which has resulted in gaps that are making the  Aadhaar ecosystem vulnerable. 

Cyber expert Pawan Duggal said it was a wake up call for the government to come out with a robust cyber security policy to handle similar threats from cyber armies of state and non-state actors who can sneak in “not just a number but a computer contaminant” into the mobile phones of millions of Indians. Those within the government who have worked in the cyber security domain are calling it a case of breach of privacy and a matter of concern that exhibits how vulnerable other critical data like PAN card details and others can be. 

Putting a lid to the controversy over who was responsible for this breach of privacy, Google spokesperson said, “Our internal review has revealed that in 2014, the then UIDAI helpline number and the 112 distress helpline number were inadvertently coded into the SetUp wizard of the Android release given to OEMs (Original Equipment Manufacturers) for use in India and has remained there since. Since the numbers get listed on a user’s contact list these get transferred accordingly to the contacts on any new device." Apologising for being the cause of concern, Google added, "We would like to assure everyone that this is not a situation of an unauthorised access of their Android devices. Users can manually delete the number from their devices. We will work towards fixing this in an upcoming release of SetUp wizard which will be made available to OEMs over the next few weeks.”

However, cyber security experts in the country are of the view that the question that lingers on is—will it be possible to use the UIDAI helpine number or any other entry point into the mobile phone of an individual to write data on it?  

The biggest worry is if someone has the capability to write the number, they can also read, delete or alter the existing data on an individual’s mobile phone, said an official.

This essentially means that there exists a real threat that all data existing on an individual’s phone can be watched and compromised at will. Google, on the other hand, does not have its server in India despite successive governments trying to get the internet giant on board. The Modi government, which was recently stumped by the Facebook/Cambridge Analytica episode, has already expressed serious concern over alleged data leaks and manipulation by global internet giants who have access to all the data. 

“It should be a matter of investigation as to how vulnerable is an individuals data stored on his mobile phone. The government must take this as a wake up call,” said a cyber  security official who did not wish to be quoted. 

Dr. Debabrata Das, a Professor at IIIT-Bangalore and an expert in cyber law, blames the present episode on a complete lack of training and knowledge on the part of telecom service providers, helpline desks and related departments in the private sector who lack knowledge and sensitivity in handling critical data. The Aadhaar scare has come barely a week after the government was patting itself on the back for bringing out a draft for a strong data protection law.

Dr Das says the time has come for the government to examine issues of data privacy more closely so that it does not just safeguard Aadhaar but also PAN card details and other crucial data of individuals so that they do not fall prey to such vulnerabilities again.

TAGS