Print This Post
14 November 2019, Gateway House

Chinese app enticements in India

Chinese investments in India’s soft power sectors, such as smartphones and apps, glitter like a diamond necklace around India. Here is anecdotal evidence of their reach and capacity to harvest more data than necessary, with recommendations for their regulation

post image

While the BJP government focuses on governing border states through a democratic process on its own or through coalitions, the Chinese are blanketing the whole of India, including the border states, through their investments in multiple projects. It will create a diamond necklace around India that is so attractive and insidious that it will make China’s potent Indian Ocean String-of-Pearls strategy seem less threatening.

The last decade has seen heavy investments from Chinese companies into India, over $5 billion in 2018. They are in myriad sectors, such as consumer goods, especially electronics, logistics, retail – that is, normal FDI, mostly. Alarming are the investments by China’s powerful BAT companies (Baidu, Alibaba and Tencent) in soft power projects in India – Artificial Intelligence, the Internet of Things and fintech.[1] That’s because the People’s Liberation Army of China and the Communist Party of China have a symbiotic relationship with China’s BAT, the makers of strategic domestic and overseas investments.

These investments in India need to be viewed with caution, considering the increased penetration of smartphones and apps, like TikTok, especially in the country’s Tier-II and Tier-III cities, such as Guwahati and Raipur. The potential to influence Indian minds is massive. By 2024, India’s smartphone users are expected to double to 1.25 billion from 610 million in 2018.[2] The Chinese Smart Phone Manufacturers in India already have a 66% share of the smartphone market as of the first quarter of 2019.[3] That’s hardware.

As for software – and soft power – the increase in smartphones in India has been accompanied by the rise in the use of smartphone apps. According to App Annie’s The State of Mobile in 2019 report, India saw a 165% increase in app store downloads between 2016 and 2018.[4]  A full 50% of top app downloads (combined iOS and Google Play Downloads) in India in 2018 were those with Chinese investments, such as UC Browser, SHAREit, TikTok, and Vigo Video, among others.[5] Such Chinese apps harvest more than normal amounts of data, as compared to other social media apps, thereby posing security concerns for India. As more young Indians turn into first-time smartphone users, their affordability and data packages will entice them into making frequent use of online services, unaware of the security risks to their data while using the extremely popular Chinese apps.

China in India’s digital sector

China’s strategic investments in data-oriented services in India raise concerns, making it critical for India’s security agencies to pay attention to these soft power projects in India. They are prevalent at various levels, particularly in the digital sector in India. The following offer a few examples:

Apps: A substantial 50% of top app downloads (combined iOS and Google Play Downloads) in India in 2018 included apps with Chinese investments, such as Universal Control Browser (UC Browser), SHAREit, TikTok, Vigo Video, etc.[6] These apps are owned respectively by the Singapore and China mobile-based internet company, Alibaba Group; SHAREit Technologies Co Ltd and ByteDance (TikTok and Vigo Video), which are all multi-billion-dollar global players, alleged to have deep ties with the Chinese government.

Browsers: UC Browsers, owned by Alibaba, have penetrated the Indian market through a series of significant investments, including via Paytm and its parent company; One97 Communications Limited; and Snapdeal, owned by Jasper Infotech Pvt. Ltd.[7] As of October 2019, UC Browser has a sizeable market share of 17.09% in the mobile browser market space in India[8] and also leads the mobile phone segment in India with 21.38% market share.[9] Its competitor is Chrome, with a 69.35% market share.[10] UC Browser has recently made a strategic shift from a tool-based product to a content player in India, with dedicated channels, hosting short-form content, including videos, with segments on sports, technology, news, fashion, etc.

Streaming services: In 2018, China’s internet behemoth, Tencent, made an investment of $115 million in India-based music streaming service, Gaana, founded in 2010 by Times Media/Times Internet.[12] Indian fintech unicorn Paytm, in which Alibaba invested $575 million[13]  and which runs an e-commerce marketplace, Paytm Mall, in India, and Tencent invested $110 million in the OTT platform MX Player, a video player developed by South Korea-based company, J2 Interactive, which was acquired by Times Internet for $144 million in 2018.[14]

In April 2016, Chinese smartphone maker, Xiaomi Inc, invested $25 million in Indian digital media firm, Hungama Digital Media Entertainment.[15]

Access to data

India is one of the largest and fastest-growing markets for digital consumers, with 560 million internet subscribers in 2018: this is second only to China. As with the global controversy generated by China’s 5G investments, Chinese investment in India’s digital sector also has data security implications in the following ways:

Data: Chinese apps represent a challenge to the user’s data security as they require vast amounts of personal data; this is usually a bare minimum to provide users access to their interface.

A study conducted by Arrka Consulting in India[16] shows that Chinese apps in India ask for 45% more permissions than the number of permissions requested by the top 50 global apps. At least six of the 10 most popular Chinese apps, including Helo and SHAREit, as well as browsers such as UC Browser, ask users to provide unnecessary access to camera and microphones on their smartphones. Such apps collect large amounts of personal data from users such as location, profession, friend lists, friends’ interests, cellphone number and photo interest as a bare minimum, thereby stoking privacy concerns in app users.  Deactivation of a user’s account does not result in data being returned to the user or it being deleted from the app’s server. In fact, these details are often shared with third parties.

Malware: Chinese apps have always raised suspicions about cyber espionage attempts and security risks in India. The Ministry of Electronics and Information Technology reportedly sent notices to TikTok, Bytedance and Helo apps, seeking a response to its data privacy concerns about these apps being used to commit unlawful activities, such as storing users’ data and creating a hub for anti-national activities, such as communal disharmony.[17] In 2017, out of 42 mobile applications, UC Browser, SHAREit, UC News, and others listed by the Ministry of Home Affairs,[18] are claimed to have the potential to carry out a cyber attack against the country.

Search services: UC Browser is the second most utilised browser in India after Chrome, with an estimated market share of 17.09%[19] and a user base of more than 300 million. According to a 2015 report by the University of Toronto, Alibaba’s UC Browser has “several major privacy and security vulnerabilities that would seriously expose users of UC Browser to surveillance and other privacy violations”.

TikTok’s parent company, ByteDance, has recently launched a new search portal, Toutiao Search,  showing results from the web as well as its own platforms.[20] Given the digital boom in India and the estimated 300 million monthly active users in India that ByteDance has across TikTok, Vigo Video and Helo, [21]ByteDance may potentially venture into the search business in India as well.

India’s regulatory authorities need to frame policies with an understanding of the immediate security, technological and geoeconomic aspects to China’s expansion. Given China’s established practices of cyber espionage and hacking, it is not unreal to envision a scenario in 2022, where the market share of smartphones of the top three Chinese companies in India is 48.54%,[22] with increasing penetration and cheap data having reached the sensitive border states of India.

Some policy recommendations

A centralised FDI screening mechanism for the IT-BPO industry: The investment screening mechanism, recently introduced[23] in EU, the EU Foreign Direct Investment Screening Regulation (FDIR), is a non-binding cooperation and oversight system which encourages sharing information across member states on the potential of certain investments to affect national security and interests. It empowers the European Commission to weigh in on deals that affect multiple member states or the EU as a whole.[24]

The passing of this new EU measure in just 18 months is indicative of heightened concerns over the terms of China’s economic expansion because it makes provisions for dominant characteristics of its investment strategy: a focus on technology and infrastructure sectors, state-linked and funded entities and state-led outward projects. The EU’s new screening mechanism also targets a specific aspect of some Chinese deals: many are executed via third parties in other states to conceal the Chinese source of ownership and funding. The EU measure explicitly prevents such bypassing of national screening by investigating deals within the EU that are associated with Chinese firms.[25]

Adopting a similar screening mechanism for the IT-BPO industry in India will protect citizens’ sensitive personal information from being shared through apps, browsers, search services and other critical technology and infrastructure in India, keeping in mind direct and indirect Chinese investments in India.

Inter-agency committee to review foreign investments involving the collection of sensitive personal data: India can devise a body akin to the Committee on Foreign Investment in the United States (CFIUS). It can consist of members from the Ministry of Home Affairs, Department of Telecommunications, Department for Promotion of Industry and Internal Trade, Ministry of Information and Broadcasting, Ministry of Electronics and Information Technology and the National Security Council of India, to review foreign investments in India which calls for the collection of sensitive personal information. This can help tackle security threats in India.

Data localisation policy: A data localisation policy for regulating access to data, mandating data storage requirements and controlling cross-border data flows, needs to be put in place. Companies should be required to set up data centres in India to minimise the need for storing sensitive data on foreign servers.

An organisation collecting sensitive personal data must state: the purpose, the persons or organisations who will be privy to it, the security safeguards and processes it has in place in relation to such information, the processes available to data subjects to access and correct such information, and the contact details of the privacy officers and SRO ombudsmen for filing complaints. Data localisation measures will be effective in immediately taking down content which can foment sectarian trouble across India or the anti-India rhetoric in border states, such as Jammu & Kashmir, Rajasthan, Punjab, Gujarat, U.P., Uttarakhand and the North East.

Such a policy will be an important step in handling security concerns in India caused by cyber espionage.

Accountability in trans-border data flows: There are legal best practices to be learned from other countries that are cognisant of China’s strategy. Australia needs accountability in cross-border data flows as well as the monitoring of the flow of sensitive personal data across borders. The 13 Australian Privacy Principles, released by the Australian government, are designed to effectively protect the collection, holding use and disclosure of all personal information.[26]  Australian entities, which may be sending data abroad, remain liable by Australian law for actions taken by the foreign handler with regard to the data. Compliance with this principle usually takes the form of a contract between the Australian entity and the foreign data handler, the latter undertaking to comply with the privacy principles, despite it not being a private entity.[27]

It’s time for India to broaden the government’s powers to block deals that threaten national integration, sectarian harmony, border security, and cyber security and effectively deal with the looming challenge posed by Chinese tech companies. India has to protect its technology ecosystem. Successful implementation and enforcement of such policies will make the difference between vulnerability and security.

Blaise Fernandes is Board Member, Gateway House, and President & CEO, The Indian Music Industry.

This article was written exclusively for Gateway House: Indian Council on Global Relations. You can read more exclusive features here. 

For interview requests with the author, or for permission to republish, please contact outreach@gatewayhouse.in or 022 22023371.

© Copyright 2019 Gateway House: Indian Council on Global Relations. All rights reserved. Any unauthorised copying or reproduction is strictly prohibited.

References:

[1] Medici, “Executive Summary – India fintech Report 2019″, Medici, 2019, https://mediciinnercircle.com/wp-content/uploads/2019/03/FintegrateReport_ExecutiveSummary_Final.pdf

[2] Ericsson, “Data usages per smartphone is the highest in India”, Ericsson Mobility Report, June 2019, https://www.ericsson.com/en/press-releases/2/2019/6/data-usage-per-smartphone-is-the-highest-in-india–ericsson

[3] Counterpoint, “India Smartphone Market Share: By Quarter”, Counterpoint, 29 August 2019, https://www.counterpointresearch.com/india-smartphone-share/

[4] Sydow, Lexi, “The State of Mobile in 2019 – The Most Important Trends to Know”, 16 January 2019, https://www.appannie.com/en/insights/market-data/the-state-of-mobile-2019/

[5] Sydow, Lexi, “The State of Mobile in 2019 – The Most Important Trends to Know”, 16 January 2019, https://www.appannie.com/en/insights/market-data/the-state-of-mobile-2019/

[6] Sydow, Lexi, “The State of Mobile in 2019 – The Most Important Trends to Know”, 16 January 2019, https://www.appannie.com/en/insights/market-data/the-state-of-mobile-2019/

[7] Sun, Leo, “Alibaba is expanding to its E-Commerce Platform into these 4 Markets”, NASDAQ, 1 September 2018, https://www.nasdaq.com/articles/alibaba-expanding-its-e-commerce-platform-these-4-markets-2018-09-01

[8] GlobalStats, “Browser Market Share India”, StatCounter, October 2019, https://gs.statcounter.com/browser-market-share/all/india

[9] GlobalStats, “Browser Market Share India”, StatCounter, October 2019, https://gs.statcounter.com/browser-market-share/all/india

[10] GlobalStats, “Browser Market Share India”, StatCounter, October 2019, https://gs.statcounter.com/browser-market-share/all/india

[11] Mandavia, Megha, “UC Browser pivots to short-form content”, Economic Times, 3 June 2019, https://economictimes.indiatimes.com/tech/internet/uc-browser-pivots-to-short-form-content/articleshow/69626256.cms

[12] FDI India, Foreign Investment Facilitators, “FDI in Media Sectors”, FDI India, Foreign Investment Facilitators, https://www.fdi.finance/sectors/media

[13] Alibaba Group, “Alibaba Group and Ant Financial Enter into Strategic Investment in India’s Paytm”, Alibaba Group, 29 September 2015, https://www.alibabagroup.com/en/news/press_pdf/p150929.pdf

[15] https://www.hungama.org/

[16] Arrka, Managing Information Risks, “State of Data Privacy of Mobile Apps from India Summary Report: 2017″, Arrka, 15 December 2017, https://www.arrka.com/state-of-data-privacy-of-mobile-apps-from-india-summary-report/

[17] Jalan, Trisha, “MeitY issues notice to TikTok and Helo, threatens with ban if questions not answered by 22 July, 18 July 2019, https://www.medianama.com/2019/07/223-meity-issues-notice-to-tiktok-and-helo-threatens-with-ban-if-questions-not-answered-by-july-22/

[18] Financial Express, “Government reportedly lists 42 Chinese apps as dangerous,including Truecaller, UC Browser, Mi Store: Check if your phone has any of them”, Financial Express, 1 December 2017,

https://www.financialexpress.com/industry/technology/government-reportedly-lists-42-chinese-apps-as-dangerous-including-truecaller-uc-browser-mi-store-check-if-your-phone-has-any-of-them/954335/

[19] GlobalStats, “Browser Market Share India”, StatCounter, October 2019, https://gs.statcounter.com/browser-market-share/all/india

[20] Shi, Xiaoye, “Analysis of ByteDance with a close look on Duoyin/TikTok”, ETHzurich, June 2019, https://ethz.ch/content/dam/ethz/special-interest/mtec/chair-of-entrepreneurial-risks-dam/documents/dissertation/master%20thesis/MasterThesis_Shi.pdf

[21] Sydow, Lexi, “The State of Mobile in 2019 – The Most Important Trends to Know”, 16 January 2019, https://www.appannie.com/en/insights/market-data/the-state-of-mobile-2019/

[22] Palo Alto, “Indian smartphone shipments up 10% to 137 millions in 2018, unfazed by global decline”, Canalys, 7 February 2019, https://www.canalys.com/static/press_release/2019/pr20190207-india-smartphone-shipments.pdf; Chinese smartphone shipments to India in 2018; from Xiaomi accounts for 41 million units ( 29.9%), Vivo accounts for 14.4 million units (10.5%) and Oppo (excluding Realme) accounts for 11.2 million units (8.2%). These top 3 Chinese smartphone users together account for 48.54% of smartphone shipments to India in 2018.

[23] European Commission, “EU foreign investment screening regulation enters into force”, European Union, 10 April 2019, http://trade.ec.europa.eu/doclib/press/index.cfm?id=2008

[24] U.S. Department of the Treasury, “The Committee on Foreign Investment in the United States (CFIUS)”, United states Government, https://home.treasury.gov/policy-issues/international/the-committee-on-foreign-investment-in-the-united-states-cfius

[25] Le Corre, Philip, “On China’s Expanding Influence in Europe And Eurasia”, Carnegie Endowment for International Peace, 9 may 2019,

https://carnegieendowment.org/2019/05/09/on-china-s-expanding-influence-in-europe-and-eurasia-pub-79094

[26] Office of the Australian Information Commissioner, “Read the Australian Privacy Policy”, Australian Government, 31 July 2019,

https://www.oaic.gov.au/privacy/australian-privacy-principles/read-the-australian-privacy-principles/

[27] “Report of the Group of Experts on Privacy”, Planning Commission, Government of India, 16 October 2012,

http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf, The only concern here is applying too wide an exception to accountability. When the Australian entity reasonably believes that the data protection regime in the foreign country in question is substantially similar or better and an individual has access to overseas enforcement mechanisms, it is not held accountable for the data handler’s actions. This can be used in bundled consent to disclaim liability in a wide number of situations.

TAGGED UNDER: , , ,