'Pre-Installed Apps Make Privacy & Data of User Vulnerable': Plea In SC Seeks Guidelines For Smartphone Manufacturers Enunciating Disclosure

A PIL has been preferred in the Supreme Court for the protection and enforcement of right to privacy as recognised within the Fundamental Framework of the Constitution viz. Article 21, to the extent of data collated by smartphones on account of pre-installed applications.

Filed by Advocate Wajeeh Shafiq and drawn by Advocates Divye Chugh & Nimish Chib, the plea filed by Jatin Rana, seeks directions to the Union for formulation of guidelines in order to mandate smartphone manufacturers in India to disclose all pre-installed mobile applications in their outer packaging as a condition precedent in major regional languages.

In this backdrop, the plea seeks directions to smartphone manufacturers' to show as to how they have been using the data collected from Indian citizens and whether they can protect the data of Indian users which they are collection from falling into the hands of any establishments which may misuse an Indian users' data.

Rana has opened the averments in the plea by stating that the present plea has been filed as he is concerned about the privacy and security risk posed by the pre-installed mobile applications which comes in new android smartphones of various kinds manufactured/assembled, sold and controlled by Chinese Smartphone companies.

"That the petitioner is concerned about the privacy and data theft of Indian smartphone users which is being done by Chinese smartphone companies. The present petition is necessitated in view of various researches having been conducted on the issue of data theft and compromise of privacy of a smartphone user through pre-installed applications in an android smartphone," the plea reads.

It is contended that pre-installed apps make the privacy and data of a user vulnerable and that it is well within the rights of a consumer to be protected, to choose and to be informed and educated.

 "....when a user purchases the smartphone and the moment the user starts the smartphone, the already pre-installed app will start running and collecting data of the user without the user being aware of the same" - Excerpt of Plea

With this perspective, the petitioner has earmarked that recently more than 50 Privacy Security Groups including American Civil Liberties Union (ACLU) and UK-based Privacy International had written to Google to protect android users from pre-installed apps coming with new android smartphones. Their main concern was that the Android Partners - who use the Android trademark and branding - are manufacturing devices that contain pre-installed apps that cannot be deleted (often known as 'bloatware'), which can leave users vulnerable to their data being collected, shared and exposed without their knowledge or consent, the plea reads.

In is averred that this business practice of the smartphone companies of introducing pre-installed apps in a brand-new smartphone is totally not in accordance to the rights of a consumer which have been guaranteed to a consumer in India through the Consumer Protection Act, 2019, such as the Right to be Protected against the marketing of goods which are hazardous to life and property of consumer, Right to be Informed, Right to choose & Right to Consumer Education and Awareness.

The petitioner has also touched upon the Chinese Smartphones' impact on a users data and privacy. With Chinese smartphone companies totally taking over the smartphone market in the last decade, they can be used as a weapon in the hands of the Chinese Government, says the Petitioner.

"That in 2014, Indian Airforce warned its personnel and their families not to use Xiaomi phones. Air Force pointed out that these phones are believed to be transferring data to their servers in China and could be a security risk......In 2015, internet security firm GData reported that smartphones from Xiaomi, Lenovo, and Huawei had pre-installed spying malware on them. The report was soon concurred by Kryptowire. They found that these smartphones came with spyware made by Shanghai based Adups"

In light of the above, the petitioner has prayed that all smartphones must have complete disclosure on their manual or outer packaging about the apps pre-installed in the smartphone, what data of the user they have access to, at which place that data is being stored, by which entity that data is accessible and for what purpose that data is likely to be used.

Additionally, it is prayed that directions be issued to Google to provide an update in android system through which all faulty pre-installed apps can be identified and further also provide ways to get rid of such faulty pre-installed apps & enquire into the privacy and data protection standards of the Google and other Chinese Smartphone companies operating in India.

Furthermore, it is prayed that the Centre further carry out an exhaustive research as to how these companies have been collecting data, how it has been used and where is that collected data stored.