Data War: It is not fault of BJP or Congress apps, blame lies with Google Play store
BJP and Congress are fighting a data war now, with both political parties accusing each other of harvesting private details of Indians who are using their apps. Congress, with its leader Rahul Gandhi leading the charge, has accused that Narendra Modi app harvest a lot of private data of Indian users because when a user installs the app, it asks for whole lot of permissions to access various components in a phone. BJP, in its counter-attack, claims that Congress app too does the same and after harvesting data of Indians sends it to Singapore based servers.
But in the fight between BJP and Congress over the private data of Indians, what we are forgetting is that the real culprit here is probably Google Play Store, from where these apps are downloaded. It's the inherent fault in the Android operating system, and how apps work that has led to this debate and it is important to understand why Congress party app, which by the way is no longer available on the Play store, and the Narendra Modi app may not be at fault here.
The problem is that the Google play store has always allowed a lot of leeway to apps. Since the last two years Google is trying to fix the problem, but it still exists. The issue is about the permissions an app requires to work on Android phones. An app always needs access to the hardware of the phone to do its job. For example, if an app requires that you click your photo to create your profile, it will need to access your camera. Similarly, if it is a photo sharing app or a messaging app that also needs to offer photo sharing functionality, the app will ask that you permit it to access the phone's storage and the photo gallery.
So what happens in this case is that even basic apps require a lot of permissions to access various components in a phone. And if there is an app that needs to do many things - such as Facebook app - it requires tens of various permissions. This is exploited by developers in one big way: They seek permissions even when an app may not require it. For example, a banking app probably has no reason to access your photo gallery or GPS information. But just because every app asks for it, the banking app will ask for it.
The second problem that again is a problem because of Google Play Store is that the permissions are very broad. This means once an app has a permission to access your GPS or location information, it can access that information in various ways, probably even when you are not using the app. This is something Google is hoping to fix in Android 9 aka Android P this year, when it may restrict access to the phone hardware to the apps that are active and are on the screen. But for now it is an issue.
Interestingly, this is one area where Google Play store falls short of Apple iOS App Store. Apple app policies are far more stringent and when apps ask for permissions, Apple first asks developers to clearly explain why the permission is required. The app is approved and published in the Apple App store only when Apple is satisfied that it's a secure app and will not abuse the permissions it will be seeking from users.
Coming back to the BJP and Congress data war, the fight today is more about scoring brownie points. In all likelihood the Narendra Modi app and the Congress app have poor security, but that has nothing to do with the permissions they have sought from the Google Play store. The permissions can be misused, but these two apps aren't probably doing that. That said, the issue of Google Play store permissions is something Google needs to fix. And on that it is also quite good that we in India are talking about safety of data that apps collect, even if the talk right now is more fluff and less substantial.