Experts bat for stronger cybersecurity

Companies seek permission to access your data on phone, they are storing key information without permission.

Update: 2017-09-19 20:34 GMT
Representational image.

Hyderabad: Most people in India are hooked to their smartphones and it is no wonder that a global survey found out people tend to access on an average ten apps per day. 

However, not many are aware that tech firms and agencies keep a track of and monitor every move of yours by creating a profile of you, your preferences, interests and lifestyle habits without your knowledge, and use this information to further their business interests.

This is because of the lack of strong privacy laws specific to IT, poor enforcement, almost zero awareness among the public, and its disinterest in scrutinising the terms and conditions of each app, that admittedly, run into several pages.

Companies seek permission to access your data on the phone, but they are storing key information and personal details concerning you without your consent.

According to Subramanyam Lakshmi-narayan, vice-president, security operations centre, Cloud4C, Hyderabad, “The law of the land has to be very strict. 43(A) of the Information Technology Act is related to privacy, but there is neither enforcement nor awareness of it. In the US and European countries, the laws are much stronger and even implemented strictly, giving a stern message that privacy of individuals has to be respected.”

Each app, at the time of installation, asks for a host of permissions to access contacts, messages, storage, device app history, camera, and media files, location etc. 

The moment you touch the accept button for each permission asked by the app, and complete the sign up process, you will be on its radar whenever you access it. They will keep an eye on your email account details, exact location at any given point, your residence address, places you frequent like shopping malls, restaurants, movie theatres etc. In a way, your privacy, sensitive information and personal data is not yours anymore.

According to Subramanyam Lakshminarayan, vice-president, security operations centre, Cloud4C, Hyderabad, users have no option to deny permission for a few and give access to some options while signing up for some apps. Also, they don’t have the option not to tick a box for three or four conditions in, say, a 20-odd list that apps ask in the ‘terms and conditions’. If you deny permission, you cannot install the application at all, he pointed out.

A Santosh Kumar, a city advocate who specialises in cyber laws, said that firms use phones for business purposes, and there is every chance of theft of sensitive data by third parties, who could misuse it to cause a big loss.

The subject of privacy has come to the forefront with Google coming out with a payment app, Tez. S Jeyaram, managing director of SP Software in Madhapur, says that Google Tez uses UPI (Unified Payments Interface), which uses only the mobile number to access bank account. Anybody who can clone your SIM card can easily siphon off your money. That’s what happened recently with Bank of Maharashtra, which lost Rs 25 crore in one of the biggest UPI frauds. 

Although an additional layer of security like ATM pin number is being used by some banks, still, universally, UPI has to improve its security drastically, Mr Jeyaram said.

Google Tez may have an additional layer of security like sound and proximity, but it's too early to comment how secure this makes it in practical terms. Many mobile operating systems themselves are not completely fool-proof in terms of security and are therefore vulnerable to security breaches such as stealing passwords, retrieving transaction validation codes etc, Mr Jeyram said.

Similar News