Unique Identification Authority of India (UIDAI), the company behind India’s Aadhaar cards, have somehow injected their phone number with the contact name UIDAI into people’s phones, allegedly via the telecom service providers or apps like PayTM, mAadhaar. Or is it Google who did it? The answer is yet unclear.
The UIDAI number — 1800 300 1947 under the contact name UIDAI — has appeared in numerous smartphones. So far, with the exception of a minority of iOS and Android devices, the UIDAI number has randomly appeared in a majority of the device’s contact list.
UPDATE: The UIDAI has stated in a press release on Friday that it did not ask for any of the telecom providers, mobile manufacturers or Android (Google) for default inclusion of their number 1800 300 1947 or 1947 — the former is an outdated and inactive number according to the organisation. You can read the entire press release verbatim at the end of this article.
UPDATE 2:Google owns up, says it added the UIDAI number but this raises even more questions: 5 precisely
UIDAI has been under the scanner of public critique for some time now over numerous issues, mainly concerning the security and privacy surrounding the Aadhaar cards — few of which were earlier pointed out by French security researcher Elliot Alderson.
Many people, with different provider, with and without an #Aadhaar card, with and without the mAadhaar app installed, noticed that your phone number is predefined in their contact list by default and so without their knowledge. Can you explain why?
— Baptiste Robert (@fs0c131y) August 2, 2018
How far deep does this go?
Last year, Anivar Aravind, tweeted that he had noticed that several new mobile phones selling — specifically Samsung and Micromax — in India had the UIDAI 1947 toll-free number pre-installed in them.
Just Noticed. Many new mobiles sold in India coming with UIDAI 1947 tollfree number prestored in contacts.Noticed this in Samsung & Micromax .
Is there any govt order for these?
Or is it a result of Govt's arm twisting?
— 𝗔𝗻𝗶𝘃𝗮𝗿 𝗔𝗿𝗮𝘃𝗶𝗻𝗱 (@anivar) November 12, 2017
Other people using Xiaomi, Motorola, OnePlus, Vivo and Android devices from other brands have also pointed out that the UIDAI number is available on their devices — even those purchased in 2017 or before.
Devices with Android-based Lineage OS have also been found to have the mysterious number stored in them without the user doing so.
Although it’s merely a phone number, which seems pretty harmless, the number appearing out of nowhere on a majority of devices sure is mysterious.
According to Candid.technology’s initial research, few of the iOS and Android devices (running version 6 ‘Marshmallow’) or below don’t have the said number stored in their phone books.
There have also been instances where out of two devices — of the same make and model, running the same operating system — only one has the UIDAI number and the other doesn’t.
The presence of the number has been speculatively attributed to various factors such as the telecom operator, make and model of the device, apps such as Paytm, mAadhaar, Tez and Google accounts.
Also read: DuckDuckGo vs Google: Which search engine should you use?
This is not UIDAI’s first rodeo
While it’s still unclear how the UIDAI’s phone number was saved on a majority of devices, it sure is creating some unrest among the user’s who’ve found this out as none of them had saved the number by themselves.
Newly purchased devices come with UIDAI as a default contacts alongside the ‘112’ Distress number. The number is currently inactive.
UIDAI and its Aadhaar project has come under scrutiny time and again majorly related to user database security and misuse of user’s Aadhaar accounts and many more instances but have largely failed to explain themselves.
Aadhaar needs to be suspended. a complete audit of its tech & processes needs to be done, and fixed. It has been rolled out in a manner that is faulty & leaking. It's a personal &national security risk bec of incompetence & negligence from @UIDAI & team in design & implementation https://t.co/Das3HEgbC6
— Nikhil Pahwa (@nixxin) February 21, 2018
Until now UIDAI hasn’t issued an official statement related to this incident and that’s only causing an increase in the amount and level of speculations.
Some believe that this might just be the tip of the iceberg and since the number was installed on the device without the user’s consent, who is to say that a hidden code snippet hasn’t been installed in these devices as well.
Yesterday, I found 20K+ #Aadhaar cards with a manual search. @UIDAI: Do I need to create a Twitter bot which is doing this work automatically and publish the result on Twitter to have a reaction from your side?
— Baptiste Robert (@fs0c131y) March 11, 2018
Unless UIDAI comes forward and clarifies this action to the users and stops doling out statements such as “Aadhaar database is totally safe and has proven its security robustness over last eight years”.
This statement was released by the UIDAI when security researchers and experts in the area from both at home and abroad have reiterated time and again the issues with Aadhaar, specifically security of the database containing personal information of those registered and also the misuse of that information.
The scrutiny surrounding Aadhaar is justified as even though the Supreme Court has ruled otherwise, the government has on a number of occasions been hell-bent on getting citizens to link their Aadhaar card to various services including telecom, banks, voter ID and more.
An Election Commission of India letter dated August 13, 2015, clearly states, “The production of an Aadhaar card will not be a condition for obtaining any benefits otherwise due to a citizen.”
The letter also stated, “No Aadhaar data shall be collected from any other agency/data hub/organisation of Central Government/State Government, nor should the data collected so far be used for any authentication/other purposes.”
While the list of UIDAI’s mismanagement of its user data is a long one, encroaching the private space of a country’s citizens without their consent cannot and should not be taken lightly. Let’s just hope this isn’t just the tip of the iceberg.
The UIDAI issued a response on Friday after the news was broken out by multiple media outlets and people across social media networks were discussing the issue. Here is what they’ve to say:
Unique Identification Authority of India (UIDAI) today in the wake of some media reports on default inclusion of the UIDAI’s outdated and invalid Toll-free number 1800-300-1947 in the contact list of Android phones said that UIDAI has not asked or communicated to any manufacturer or service provider for providing any such facility whatsoever.
UIDAI emphasised that the said 1800-300-1947 is not a valid UIDAI Toll-free number and some vested interest are trying to create unwarranted confusion in the public. UIDAI’s valid Toll-free number is 1947 which is functional for more than the last two years. UIDAI has reiterated that it has not asked or advised anyone including any telecom service providers or mobile manufacturers or Android to include 1800-300-1947 or 1947 in the default list of public service numbers.”
Also read: Why is SMS-based 2-factor authentication not as secure as app-based 2-factor authentication?
It’s just a number, does it hurt?
It’s hard to believe that UIDAI doesn’t have any hand in the inclusion of their toll-free number on devices, including those fresh out of the box.
Especially when you take into consideration an August 2013 letter written by the Department of Telecommunications to all ‘Access Service Providers’, which stated “…all the Telecom Providers are directed to take necessary action to map shortcode ‘1947’ to UIDAI’s new Toll Free number 1800-300-1947 with immediate effect and send compliance report to UIDAI.”
For those who believe it’s just a number, just think about it. If a number can be inserted into your smartphone without your consent, what else can go wrong in the backend? They might as well be adding codes to your smartphone, or checking out the media stored in your phone.
Still confused if such a totalitarian state can exist? You can take the example of China in the present day with their ‘Great Firewall’. This firewall is essentially blocking stuff like news pieces about Tiananmen Square protest of 1989, books like 1984 and Animal Farm by George Orwell, references to anti-communism and many more things that don’t sit well by the government.
According to a report by The Intercept, “The Chinese government blocks information on the internet about political opponents, free speech, sex, news, and academic studies.”
Since 1984 has been mentioned, we do urge to read it to get a fair idea of what a totalitarian government looks like and how the invasion of your privacy is not a matter to be taken lightly.
Now, if rumours are to be believed and Google is actually aiding the inclusion of these number on the smartphones somehow, then it’s a bad sign for us all.
Also read: 9 IoT Security Solutions to safeguard your network
Source 1 | Source 2 | Source 3 | Source 4
Writes news mostly and edits almost everything at Candid.Technology. He loves taking trips on his bikes or chugging beers as Manchester United battle rivals.
Contact Prayank via email: [email protected]