India plans new security testing for smartphones, crackdown on pre-installed apps

0

NEW DELHI , March 14, 2023: India plans to force smartphone makers to allow removal of pre-installed apps and mandate screening of major operating system updates under proposed new security rules, according to two people and a government document seen by Reuters.

The new rules, details of which have not been previously reported, could extend launch timelines in the world’s No.2 smartphone market and lead to losses in business from pre-installed apps for players including Samsung (005930.KS), Xiaomi (1810.HK), Vivo, and Apple (AAPL.O).

India’s IT ministry is considering these new rules amid concerns about spying and abuse of user data, said a senior government official, one of the two people, declining to be named as the information is not yet public.

“Pre-installed apps can be a weak security point and we want to ensure no foreign nations, including China, are exploiting it. It’s a matter of national security,” the official added.

India has ramped up scrutiny of Chinese businesses since a 2020 border clash between the neighbours, banning more than 300 Chinese apps, including TikTok. It has also intensified scrutiny of investments by Chinese firms.

Globally too, many nations have imposed restrictions on the use of technology from Chinese firms like Huawei (HWT.UL) and Hikvision (002415.SZ) on fears Beijing could use them to spy on foreign citizens. China denies these allegations.

Currently, most smartphones come with pre-installed apps that cannot be deleted, such as Chinese smartphone maker Xiaomi’s app store GetApps, Samsung’s payment app Samsung Pay mini and iPhone maker Apple’s browser Safari.

Under the new rules, smartphone makers will have to provide an uninstall option and new models will be checked for compliance by a lab authorized by the Bureau of Indian Standards agency, two people with knowledge of the plan said.

The government is also considering mandating screening of every major operating system update before it is rolled out to consumers, one of the people said.

“Majority of smartphones used in India are having pre-installed Apps/Bloatware which poses serious privacy/information security issue(s),” stated a Feb. 8 confidential government record of an IT ministry meeting, seen by Reuters.

The closed-door meeting was attended by representatives from Xiaomi, Samsung, Apple and Vivo, the meeting record shows.

The government has decided to give smartphone makers a year to comply once the rule comes into effect, the date for which has not been fixed yet, the document added.

The companies and India’s IT ministry did not respond to a Reuters request for comment.

‘MASSIVE HINDRANCE’

India’s fast-growing smartphone market is dominated by Chinese players, with Xiaomi and BBK Electronics’ Vivo and Oppo accounting for almost half of all sales, Counterpoint data shows. South Korea’s Samsung has a 20% share and Apple has 3%.

While European Union regulations require allowing removal of pre-installed apps, it does not have a screening mechanism to check for compliance like India is considering.

An industry executive said some pre-installed apps like the camera are critical to user experience and the government must make a distinction between these and non-essential ones when imposing screening rules.

Smartphone players often sell their devices with proprietary apps, but also sometimes pre-install others with which they have monetisation agreements.

The other worry is more testing could prolong approval timelines for smartphones, a second industry executive said. Currently it takes about 21 weeks for a smartphone and its parts to be tested by the government agency for safety compliance.

“It’s a massive hindrance to a company’s go-to market strategy,” the executive said.