Google admits to 'inadvertently coding' Aadhaar helpline number in Indian Android phones
Android users in India have reported seeing the contact number of a Government agency crop up in their smartphones without their consent. Users are clueless as to how the toll-free number of the Unique Identification Authority of India (UIDAI), 1800-300-1947, got saved in their phonebooks without their consent and have called out the UIDAI on social media for breach of privacy. UIDAI, however, has denied forcing OEMs or service providers to add its helpline number without consent in contact lists. Now, Google has issued a statement accepting that it 'inadvertently coded' UIDAI's number into the Setup process in the Android releases seeded to Indian OEMs in 2014 and the contact entry has transferred to new devices whenever users imported the contacts.
Before analyzing Google's statement, it helps to understand what UIDAI is all about. UIDAI is an statutory Indian Government authority that issues a unique identification number called Aadhaar to every Indian citizen. Aadhaar (Sanskrit for 'Basis'), is a biometric proof of national identity and authentication and was introduced as India's concept of the US Social Security Number (SSN) although, there are large differences between the two. UIDAI has been reaching out to all citizens for mandatory Aadhaar enrollment to ensure seamless citizen services. The biometric identification scheme, despite teething privacy concerns, even earned praise from former Microsoft chief Bill Gates who said Aadhaar doesn't pose any privacy issues in itself and is worth emulating by other countries around the world.
Coming back to the current issue, smartphone users are part clueless and part annoyed as to how UIDAI's toll-free number managed to enter their contact lists without explicit consent. UIDAI has clarified that it had nothing to do with all this and that the toll-free number has long changed from 1800-300-1947 to simply 1947. Google has now taken blame and issued a statement saying,
Our internal review has revealed that in 2014, the then UIDAI helpline number and the 112 distress helpline number were inadvertently coded into the setup wizard of the Android release given to OEMs for use in India and had remained there since. Since the numbers get listed on a user’s contact list these get transferred accordingly to the contacts on any new device."
Apologizing for any concerns caused, Google said that this not an unauthorized device access and users can delete the number manually. While it is good to have a clarification from Google, the statement actually opens up a can of worms. A little research begets some seemingly concerning and pertinent questions.
- The Department of Telecommunications (DoT) issued an order to map 112 as a common emergency distress number in 2016. How did Google then get to embed this number in their code in 2014 itself?
- If UIDAI contact was coded into Android Setup in 2014, how come people are seeing it only now in 2018?
- If stock OEM releases had this number coded, why those on skinned OEM ROMs and custom ROMs are also seeing this number?
Earlier this year, there were allegations that Google and the smart card lobby did not want the Aadhaar initiative to succeed as it would essentially put them out of business. Aadhaar is a rich repository of citizen demographic and biometric data and since it's not on the Internet, it will be difficult to mine this information.
All said and done, it also helps if users take some time to understand privacy policies to whatever service they subscribe to, ensure that only genuine apps are installed on their devices, secure their accounts with two-factor authentication, and allow only the needed permissions for installed apps. If a flashlight app requests permission to access the phonebook, in all probability, it is a recipe for disaster.