Concerns over security of handsets

Government has given nearly 500 customised Google Pixel phones with Reliance Jio SIM cards to senior bureaucrats for “secure communication,” a top government official told The Hindu.

The phones, which run on Android OS, have a pre-stored directory that contains the number of all officials above the rank of joint secretary. The phones were distributed two months ago.

More RAX lines

The government already uses RAX, a fixed landline secure communication network and after the NDA government came to power, the number of RAX lines were increased from 1,300 to 5,000.

Explaining the rationale behind the phones when RAX exists, a senior government official told The Hindu, “being a landline connection RAX has a limitation; the mobile phones will ensure communication even if an officer is out of office. They have been customised to suit the security needs.”

Largely unused?

However, another official said many officials were not using these phones and they were kept as “showpiece.”

“If you call up any of the pre-stored numbers, seldom anyone picks up. They prefer to talk on the office landline. Its use has not picked up,” said the official.

Recently, the Computer Emergency Response System- India (CERT-IN), the cyber security arm of the government, sought details of the security process followed by over 30 handset firms selling mobile phones in the country.

In the letter, accessed by The Hindu, CERT-IN DG Sanjay Bahl said security measures must be developed and applied to smartphones “from security in multiple layers of hardware/ firmware/ software to the dissemination of information to...users.”

The government is planning to create a secure communications ecosystem for its officials, particularly those working in sensitive sectors like defence, telecommunication and intelligence. The Ministry of Electronics and IT is working on a framework to secure not only mobile phones, but also email used by government officials.

"The mobile smartphone devices are playing a crucial role in achieving goals of digital India and have achieved an impressive penetration of 65% to 75% in the country. Today, these devices hold valuable information of users while empowering them to interact with their surroundings and innovative ways. Citizens place that trust in the convenience and productivity that these devices offer,” the letter said.

A government presentation on vulnerabilities of smartphones said that in November 2016, a security firm Kryptowire has raised concerns over a Chinese firm transmitting phones, including contacts and text, to servers in China. “The company Shanghai AdUps bypassed Android permission model, executed remote commands with escalated privileges and was able to reprogramming the device,” an IT ministry official said.