The mystery of UIDAI : Who & Why!! Is it a threat? A detailed discussion

1. Who did it?

Hours after the Unique Identification Authority of India (UIDAI) denied that it forced any smartphone manufacturer or telecom service provider to add a helpline number into people's contact lists, Google accepted that it had in 2014 inadvertently coded the 112 distress number and the UIDAI number into its setup wizard for Android. This in a way put to end the controversy surrounding the mysterious entry of the UIDAI number in the contact lists of many smartphone users around the country.

"Our internal review has revealed that in 2014, the then UIDAI helpline number and the 112 distress helpline number were inadvertently coded into the SetUp wizard of the Android release given to OEMs for use in India and has remained there since. Since the numbers get listed on a user's contact list these get transferred accordingly to the contacts on any new device," a statement from Google said.

Apologising for "any concern that this might have caused", the statement from a Google spokesperson said it "would like to assure everyone that this is not a situation of an unauthorized access of their Android devices".

Some iPhones also have the number saved on them, but that is the user at some point in time having migrated their contact list from an Android device to iPhone.

2. Why Google did it?

Google did not 'inadvertently', as it claimed, store UIDAI helpline number into your phone devices but, it seems, it had acted on the directive of the Manmohan Singh government. According to a letter issued on August 8, 2013, the Department of Telecommunications had instructed all the telecom companies to map short code '1947' to UIDAI's toll-free number - a move that put the nation in a great confusion five years later.

"All telecom providers are directed to take necessary action to map short code 1947 to new toll-free number 1800-300-1947 with immediate effect and send the compliance report to UIDAI directly," the Ministry, which was headed by Kapil Sibbal, had said in its letter.

3. Is it a threat?

Apparently, there are several SOS helpline numbers added to our contact list by default. It is not a threat. However, adding a number to the list or deleting the number with a software upgrade or patch update can be a threat and breach to my privacy.

When we update a software, do the vendor export some of my data to its server? Microsoft or Google or OEMs say - YES. To make my user experience better. Well, I say "NO, not needed".

If you do, I wish to know -

1. exactly what data you are collecting.
2. Will you share with someone else?
3. How long will you keep this data with you?
4. Will you destroy this data once your purpose is solved?
5. Will you inform me, if you use this data for any other purpose?
6. Will you destroy this data, if anytime I ask you to you to do?

These are the privacy principles in practice all around the world. You need to take consent for each of the above. And that is missing.

4. Other culprits?

Chinese phones!!

And the hundreds of Apps we install on our handsets which takes our consent that they will access our contact list, photos, SMS, chats, browsing history, camera, microphone… and what not!!

5. What is the future?

The government-appointed BN Srikrishna committee for suggesting a framework and a new law for protecting institutional and private data in India has submitted the framework, which will lead to Privacy law in the country. The draft also provides for penalties for data processor as well as compensation to data principal to be imposed for violations of the data protection law. It has suggested a penalty of ₹15 crore or 4% of the total worldwide turnover of any data collection/processing entity, for violating provisions. Failure to take prompt action on a data security breach can attract up to ₹5 crore or 2% of turnover as a penalty. A jail term has been proposed for up to three years for individuals found violating data protection rules under the bills in works.