Can India Devise Systems to Secure Military From Smartphones and Data Hack?

The ubiquitous smartphone has become an integral part of our lives. The American Express advertising tagline, “Don’t leave home without it," could well apply to the instrument in our pocket. More than any other piece of hardware, the smartphone has revolutionised society and transformed how we interact, partake in entertainment, travel, conduct business, acquire information, etc.

All this is made possible by the variety of sensors that exist in a smartphone. A typical smartphone has about 25 sensors, including the accelerometer, gyroscope, GPS, biometric sensors, facial recognition, and proximity sensors, in addition to cameras and microphones.

These help you navigate safely, track fitness goals, capture memories, and keep you connected around the globe.

All this is precious personal data that is sought after by both corporations and governments, the former for commercial purposes and the latter for surveillance. Let us briefly look at how this data is harvested.

Smartphone manufacturers collect personal data that is shared with business partners. The operating system (OS) on the phone, Android or IOS, is also collecting personal data. A 2021 study by Prof. Doug Leith at Trinity College Dublin with Dr. Paul Patras and Haoyu Liu at the University of Edinburgh found that the Android variants on Samsung, Xiaomi, Realme, and Huawei handsets were sending significant amounts of data back to the developers, and third parties such as Google and other companies with pre-installed apps such as Microsoft, Facebook, and LinkedIn. The users had no way to opt out of this data collection.

Governments, too, collect personal data. This is being done for law enforcement, preventing crime, and improving the delivery of services. These are all legitimate functions and are subject to judicial oversight.

However, there are no such restrictions when it comes to collecting information about citizens in other countries in the guise of intelligence gathering.

According to a Forbes report of 2020, Security researchers Gabi Cirlig and Andrew Tierney were able to spot various backdoors in Xiaomi phones that help the company obtain user data without getting any consent from its users. This data was sent to remote servers hosted by Alibaba in China.

China’s 2017 National Intelligence Law mandates that “any organisation or citizen shall support, assist and cooperate with the state intelligence work in accordance with the law." Thus, companies like Huawei will be forced to hand over their data if the Chinese government demands it.

These are all well-known facts and necessitate that countries develop a secure smartphone for use by militaries and important government functionaries. The Indian military is also looking for a secure smartphone, with the Indian Army and Navy in the process of conducting trials and the Air Force having issued a request for proposal for the Airforce Cellular network.

The need is well understood, but the approach adopted by the three services differs. The Indian Navy is testing an indigenous solution that includes locally assembled handsets based on trusted supply chains, an indigenously developed operating system, and a network architecture that maximises indigenous ownership. This system was displayed during the recent DefExpo at Gandhinagar. On the other hand, the Army and the Air Force are apparently leaning towards both foreign hardware (perhaps assembled in India) and a foreign operating system. The Air Force has clearly specified that the operating system should be Android 11 or above, which is developed by Google.

Companies like Apple, Samsung, and even Huawei and Xiaomi can perhaps develop secure phones for the Indian military that would pass all security certifications. The real issue that we have to consider is not technical capability but trust. Given all the facts we know about technology companies headquartered abroad and the legal and other pressures that their governments can bring on them, it could be imprudent to trust our military communication networks to them.

The capability in India certainly exists, but we need to get less starry-eyed about foreign hardware and software. The Indian military leadership, which is directly concerned with national security, must get this right. Otherwise, the phone in the General’s pocket will also paint a large target on his back.

([(Retd) Lieutenant General Deependra Singh Hooda, PVSM, UYSM, AVSM, VSM & Bar, ADC is the former General Officer Commanding-in-Chief of the Indian army's Northern Command. This is an opinion piece, and the views expressed above are of the author’s own. The Quint neither endorses nor is responsible for the same.)