With a spy app… India data economy in the dark

India, with a population of over 1.3 billion, is an IT powerhouse and has made remarkable developments in recent years. On the other hand, however, online privacy regulations are loose, and spy apps that monitor spouses and various personal information are bought and sold. The reality of India’s dark data economy is introduced by a group of non-profit journalists (Rest of World).

An Indian woman divorced her husband in 2018. The trigger was that the husband monitored his smartphone and recorded data such as private calls, SMS, WhatsApp messages, photos and videos. The husband reportedly criticized her for complaining about her mother-in-law or talking to her boyfriend by playing the recorded message in front of her parents.

She didn’t know when she was being watched. Since the smartphone you own was a gift to your husband, it is possible that the smartphone contained spyware from the beginning. In India, it is not uncommon to plant spy apps on spouses’ smartphones to monitor them.

An official from the Indian Private Detectives Association says it is common among the elite in urban areas for wealthy families to hire private detectives to assess spouse suitability. According to estimates, private detective services across India have a market size of $1.2 billion, often using smartphone spyware to track specific individuals.

Demand for spyware in India occurred in the early 2010s. A software engineer met a parent who wanted to monitor the whereabouts of a child in a virus and cybersecurity investigation. These parents were rich and saw a business opportunity, and they developed EasySpyPhone, an application that tracks children.

EasySpiphone not only collected location data, but also recorded calls and monitored text messages. A recent app derived from this has added features, enabled social media monitoring such as Facebook and WhatsApp, and said that you can secretly select a phone microphone to record conversations. It costs between 20 and 40 dollars a month and is said to be well received by parents.

However, the main revenue from this spyware comes from granting licenses for monitoring applications from multiple vendors. Each vendor sells spyware in different packages under license. A private detective says it has created a proprietary application called Spy Mobile Process and is providing it to customers who want to investigate.

In India, the sale of spyware developed for the purpose of monitoring someone is also not regulated, as the privacy laws that regulate tracking through smartphones are ambiguous. In addition, spyware companies add a disclaimer stating that the smartphone owner needs proper written consent for installation, and the company is responsible for the use of spyware.

From August 2020, Google has updated its policy on products and services that promote fraud and banned advertisements on surveillance technologies such as spyware. On the other hand, private investigation services or services for parents to track and monitor underage children were excluded from regulation. The vendor emphasizes that it is a children’s product and continues to sell spyware. Spyware is like a sword. It means that it can be abused depending on the usage, as well as legitimate acts such as cutting fruit.

Privacy concerns in India exist not only in the spread of spyware, but also in the data transaction market where various personal information is bought and sold. India, where more than 500 million people use the Internet every month, is constantly collecting large amounts of personal information and there is an online black market where customers can purchase a variety of data. The data set sold is rich in diversity, and there is a database of all groups: parents with children, cable TV customers, pregnant women, habitual pizza eaters, and investment trust users.

It is sold in the form of a spreadsheet lined with a typical database name and various personal information, and you can find out the type of car you own, family composition, and children’s education in addition to age and place of residence. Because the database is updated regularly, there are also forms of sale, such as cheaper previous data and discounts for multiple purchases at the same time. Potential customers can find companies that sell data simply by looking for ads on social media or a combination of industry keywords, data and databases.

According to privacy experts, personal information has been sold as data in India since at least 2006. Data brokers collect a variety of information from the Internet. One broker reportedly sold national identification number system identification cards as image data. In a 2019 survey, 69% of Indian companies did not set up a reliable data security system, and 44% indicated that they had experienced data breaches in the past.

In addition, Indian companies sell personal information collected by businesses. It is said that in many cases, the personal information entered for a coupon or movie refund can be sold by the company without personal consent. Nearby cell phone stores can sell party demographics for local campaigns, and financial engineering firms can also measure credit card credit by sending personal information collected through astrology apps to their servers. If someone creates employment records on LinkedIn or shares a contact in a public directory, the broker can use software to extract the data.

In fact, when they contacted the broker and asked for a sample database, they told me that the list of thousands of people came right away, just by giving them their email address and phone number. In addition to e-mail, phone number, and address, the items and prices of online shopping malls were also written.

The way to use the database is up to the buyer, but the main way to profit from this data is fraud. The value of the database can vary depending on whether the dataset is rich or not, the season, etc., but the student database is the most valuable.

In India, the battle for entrance exams to enter the best universities is fierce. By the end of high school, students must study for exams such as JEE (Joint Entrance Exam) and NEET (National Eligibility Entrance Test). Parents do the same with heating up the test. Many parents pay a lot of money to put their children in good college. Therefore, a database containing student grades, examination numbers, parents’ names, and phone numbers is important to fraudsters.

A scammer who has obtained a database of students and parents offers their guardians to guarantee expedient admission to the medical school or college engineering department, and is deceived into admission fraud. Of course, it’s ridiculous, but from the standpoint of parents who focus on educating their children, it’s often tricky to pay money. Even when admission scams were heavily reported in India in 2018, the website selling student databases was shut down. However, the following year, it changed its name again and similar sites reappeared.

In India, data privacy issues are seldom talked about, police actually focus on fraudulent groups, and data brokers are almost ignored. The authorities view that the fraudulent group clearly commits the crime, but the broker is simply trading excel sheets, and many victims do not know the clear source of data, so prosecution is difficult.

In recent years, little by little, data brokers are increasingly being brought to court. In 2017, the owners of three data vendors were arrested for theft of customer data from telecommunications company Reliance Jio, and in 2018 for the sale of 800,000 student data leaked from the Ministry of Education.

In addition, in 2019, the Indian Parliament issued a privacy legislation designed with reference to EU general data protection rules. The bill would allow individuals to disclose the reasons and potential risks for collecting user personal information and allow users to manage their personal information. However, the legislation exempts government agencies from being regulated, and privacy activists have expressed concerns. Nevertheless, one attorney expressed the view that the new legislation would advance data privacy efforts in India. After all, it’s worth remembering that being careful about using technology can be the easiest way to protect your personal privacy. It is said that the woman who was monitored by her husband introduced at the beginning also set the screen lock. Related information can be found here .