Forget Aadhaar, there's a bigger privacy risk you have already taken

Those who protest against Aadhaar, the 12-digit biometric identification number, due to privacy concerns and risk of data theft, may have missed the elephant in the room — the smartphone. Indians run a bigger risk of data theft and loss of privacy through their smartphones.

India's former union home secretary Rajiv Mehrishi has flagged this concern which does not evoke enough debate. Mehrishi, who retired as Union Home Secretary on Thursday, told a parliamentary panel last month that 40 per cent of people who use smartphones and top applications, knowingly or unknowingly, share data with the entire world including the Central Intelligence Agency ( CIA) of the US, according to a report in The Indian Express.

Mehrishi made this remark on July 21 when he appeared before the Parliamentary Standing Committee on Home Affairs, according to the report.

Mehrishi said fingerprints and biometrics were being captured through smartphones.

Before Mehrishi's made this statement, Wikileaks had claimed to have exposed CIA's humongous hacking programmes. In March, Wikileaks released a data dump which it claimed were Central Intelligence Agency (CIA) tools used for hacking into smart devices. The software targeted by the hacking tools included Apple’s iOS and Google’s Android.

There is a growing awareness about security issued related to smartphone apps.

Recently, the Ministry of Electronics and IT directed 30 smartphone makers to inform it about the procedures and processes they follow to ensure the security of mobile phones sold in India, following reports of data leakage and theft.

The smartphone makers, which include global players such as Apple and Samsung and Chinese makers such as Oppo, Vivo, Xiaomi, Lenovo and Gionee, besides home-bred ones such as Micromax, have been asked to provide details about security practices, architecture, frameworks, guidelines and standards followed for providing secure transmission and storage of data.

The government is finalising cyber security standards for mobile phones.

According to a recent study by IMDEA Networks Institute of Spain, more than 70 per cent of smartphone apps are reporting personal data to third-party companies like Google and Facebook

When a smartphone user installs a new app, it asks for the user's permission before accessing personal information. While some of the information collected is required for the app to run, apps can get access to more information than actually required or the required information is used for purposes that violate privacy. For example, third parties can even get to know and track your location and find out what you are doing at a particular moment.