Question : Safety of Government’s Mobile Application

Will the Minister of Electronics & Information Technology be pleased to state:-

(a) whether the popular Government’s mobile application is vulnerable to security threats as the accounts of the application can be hacked with just few basic programming skills;
(b) if so, the details thereof and the reaction of the Government thereto;
(c) whether these application are unprotected and anyone can modify and make changes in these application just by simple knowledge;
(d) if so, the details thereof and the reaction of the Government thereto; and
(e) the remedial measures being taken by the Government in this regard?

Answer given by the minister

(a) to (d): Standardisation, Testing & Quality Certification Directorate (STQC) has undertaken security testing & evaluation of mobile applications as per Mobile Application Security Verification Standard (MASVS) and Open Web Application Security Project (OWASP). A total of 21 Mobile Applications have been evaluated as per MASVS/OWASP. Details of the 21 Mobile Applications is at Annexure.

(e): The Indian Computer Emergency Response Team (CERT-In) regularly issues alerts and advisories regarding latest cyber threats and countermeasures. CERT-In has also published advisories and security tips on its website to enable users to secure their mobile/smart phones.

National Informatics Centre (NIC) provides IT/E-Governance related services to Government departments and protects the cyber resources from possible compromises through a layered security approach in the form of practices, procedures and technologies that are put in place.

NIC has deployed state-of-the-art security solutions including firewalls, intrusion prevention systems, anti-virus solution for safe-guarding of hosted websites. Additionally, periodic security audits of resources are performed followed by subsequent hardenings. These are complemented by round-the-clock monitoring of security events. At NIC, Cyber Security is a continuous process and the protection elements are updated on a regular basis. A 24x7 security monitoring centre is in place at NIC, for detecting and responding to security incidents and countering to exigencies with remedial measures, including NIC-CERT and Centres of Excellence for Application Security.

********




Annexure

Mobile apps tested by STQC

Serial No Mobile App
1. Bipadsathi
2. Kanyashree
3. IRCTC Air
4. GreenE
5. UPCOP
6. UP Police PMS
7. IRCTC Rail Connect
8. iOSMS?eHRMS
9. Wbmdminspection
10. KoPT_HaldiaDock
11. Semitronik Instruments
12. Utkarsh Bangla Inspection mobile app
13. Utkarsh Bangla Training Centre Monitoring System Android App
14. NeMLePermit Generation by trader
15. NeMLePermit verification at checkpost
16. School Inspection and Monitoring System
17. Samvad android app version 14.0
18. Samvad iOS app version 2.0
19. IndiaPost android app version 1.0
20. RDSO Pensioners'' android app version 2.10.0
21. E-learning Mobile app version 1.0

********



Download PDF Files