NEW DELHI: The ministry of electronics and IT has directed 21 smartphone makers, most of which are Chinese, to inform it about the procedures and processes they follow to ensure the security of mobile phones sold in India , following reports of data leakage and theft.The smartphone makers, which include global players such as Apple and Samsung, Chinese makers such as Oppo, Vivo, Xiaomi, Lenovo and Gionee, besides home-bred ones such as Micromax have been asked to provide details about security practices, architecture, frameworks, guidelines and standards followed for providing secure transmission and storage of data, a senior official in the ministry said. The details have been sought irrespective of whether the companies make their devices in India or import them.He added that the government will verify the details provided and warned of action if it is revealed that some have failed to meet security requirements.Under the IT Act , a company has to make sure that it keeps the data of users safe. Violations can be punished by unlimited compensation and penalties of Rs 5 crore through state-level arbitrators.Handset makers did not individually comment on the development as most said they hadn’t received the notice. Sources at most companies including Apple and Samsung said they won’t have a problem sharing how privacy is protected.“There’s a need to ensure safety and security of mobile phones or smartphone... that hold valuable information of users as they use the phone to make digital payments and have personal data,” the ministry official said.Cases of contact lists and text messages being leaked have surfaced internationally and locally, while there were concerns about data on remote servers. A number of companies selling phones in India are Chinese and most of their servers are not in India.Another official added that since the security issue is not addressed in the existing voluntary standards, the government will know if standards need to be tightened or made mandatory.The government officials didn’t directly link the government move to India’s latest border tensions with China , but industry insiders noted the move comes amid continuing standoff between the two nations’ armies at Dokalam. This, besides rising concern over imports of IT and telecom products from the neighbouring country on the grounds that much of it may be used to gain unlawful access to critical information with many Chinese manufacturers having their servers in their home country. Parts of India have also witnessed anti-China protests, with some calling for boycott of Chinese products including smartphones For the financial year ended March, mobile phones worth about $3.74 billion (Rs 23,754 crore) were imported into India as per government data, while phones worth Rs 90,000 crore were made locally. About 54% of the Indian smartphone market has been cornered by Chinese companies including Xiaomi, Lenovo, Oppo and Vivo, and several others like Comio and Voto are making their way to the fastest-growing smartphone market in the world. As per a recent Confederation of Indian Industry study, Chinese investment in the electronics and information technology products sector is worth nearly $22 billion.“A crackdown could seriously dampen the prospect of Chinese smartphone players that heavily skin (read change internally from the base upwards) Android to differentiate,” said Rushabh Doshi, an analyst at Singapore-based Canalys said.He added that if the government plans swift action on unsuitable software, it could impact business. “Vendors may need to roll out quick security updates to ensure devices remain suitable to use.”In an August 14 letter, the government’s Indian Computer Emergency Response Team (CERT-In) gave the companies until August 28 to provide the information. This has to cover the handset, the operating system, browser on the device and pre-loaded apps.The official said that testing and verification of devices will be conducted in India and the government was upgrading its existing laboratory facilities for this, adding that media reports about data leaks led to the move, without naming specific instances or companies.The official said smartphones played a vital role in the government’s Digital India programme, having achieved 65-75% penetration and that people “place their trust in the convenience and productivity offered by these devices”. Securing them was therefore essential.“Information flowing out of the country is a concern, and this is not the first time this has been raised by the government. Globally, there are examples of governments asking for data, for example China, which has rules restricting data going out of the country, and companies have provided details like this, when asked for,” said Jaipal Singh, senior analyst at IDC India.India has stepped up action on ensuring data security. The ministry of electronics and IT has also started working on a specific data protection law, which is expected to cover aspects such as data sovereignty, data retention and the responsibilities of government, companies as well as individuals while handling third-party data. India’s telecom regulator has also started consultations on a separate but related aspect of ownership, security and privacy of data on telecom networks.India has previously raised security concerns with regard to Chinese telecom equipment supplied mainly by Huawei and ZTE to local telcos. The home ministry had in 2005 warned that foreign telecom equipment vendors, especially Chinese, may install spyware and malware that could monitor voice and data traffic and bring down networks. But this had abated in recent years.“People fear that their personal data gets shared during software updation and gets stored in servers outside the country,” said the second another official aware of the issue.The Indian Cellular Association said that it recognised the imperatives of national security and protection of customer data integrity, but warned softthat the move shouldn’t stifle innovation in terms of the app ecosystem.“While there can be no argument against the need to have secure communication and protection of data, we must grasp this issue in its entirety — different levels of consumer verticals need different levels of security commensurate with the degree of risk,” said Pankaj Mohindroo, president of the association that represents Samsung, Apple, Micromax and others.The notice to the companies, issued under Section 70B(6) of the IT Act, came after IT minister Ravi Shankar Prasad called a meeting of senior officials in the department and representatives of CERT-In to take stock of the situation.CERT-In officials highlighted that security of mobile devices must address all layers including hardware, operating system, applications, network communications and encryption standards. They added that updating of operating system, firmware and applications that should be done in a secured manner.China is among India’s largest trading partners, with a trade surplus of over $51 billion. India has been arguing for greater market access and has often responded with higher duties to prevent the dumping of cheap goods from the neighbouring country.