India’s China app ban heightens need for multilateral discussion on digital privacy and security

In this unlocated photo, a user uses his smartphone while logos of WeChat are seen in the background, May 14 2020.

The Indian government took a major step on June 29 to push Chinese technology out of its domestic digital sphere when it announced a ban on fifty-nine Chinese apps in India. Citing India’s Information Technology Act, the government made its decision because “in view of information available [the apps] are engaged in activities which is [sic] prejudicial to sovereignty and integrity of India, defence of India, security of state and public order.” The ban covers apps like TikTok, the highly popular video-sharing app that’s come under increasing fire in the United States for alleged censorship and security risks, and social platform WeChat, which the Citizen Lab at the University of Toronto found mines data from international users to fine-tune its censorship within China. But it also includes a wide range of other applications, from Baidu Translate (Baidu’s translation app) to QQ Music (a Tencent-owned music streaming service). “This decision is a targeted move to ensure safety and sovereignty of Indian cyberspace,” the government says.

The move may surprise many in the United States who have perceived hesitance on the part of the Indian government to confront Chinese digital risks, as highlighted by New Delhi’s reluctance to adopt Washington’s hard line on Chinese telecom Huawei. The Indian government has previously indicated some concern about data security risks posed by Chinese mobile applications, and the Indian military prohibited the use of WeChat by military personnel in 2018.

But the new app ban underscores the problem with using India’s policy on Huawei (currently: no ban, allowing Huawei to participate in 5G trials) as an indicator of how the Indian government may develop policy towards Chinese technology writ large. India’s stance on Huawei is one data point, but it’s not the only data point. The new app ban also shows the political and economic drivers that can motivate this kind of digital decoupling—yet another reason there should be more robust democratic dialogue and cooperation on digital privacy and security issues.

These bans will have tangible impacts on many Indian consumers. Analysis by MacroPolo’s Matt Sheehan has found Chinese apps rapidly gaining ground in India relative to US applications. TikTok, for example, has hundreds of millions of downloads in India. Other Chinese apps on the ban list, like SHAREit, self-described as a cross-platform file transfer app, also have wide user bases in the country.

The decision sends a strong signal to Beijing, especially amid ongoing India-China border tensions where twenty Indian soldiers were killed. It is through this lens that the ban—albeit made with reference to privacy and security concerns about the fifty-nine apps on the list—can also be understood as a mix of politically and economically motivated. There had already been years of discussion in India about pushing back against Chinese firms in the market in different ways, and that has increasingly entailed a focus on digital goods. About a month ago, an app called “Remove China Apps” sparked attention of this issue among celebrities and government officials. In response, the Chinese state propaganda outlet Global Times quoted an anonymous “industry source” as saying, “if the Indian government allows the irrational anti-China sentiment to continue ruining bilateral relations, it is likely to draw tit-for-tat punishment from Beijing.”

Violence on the border stoked this kind of rhetoric. While the Indian government has not made statements about any official boycott of Chinese goods, there have been calls in India—from state officers to celebrities—to boycott Chinese products and services in retaliation for the border violence. The state-run Global Times replied to this by running an “investigation” that it said would “help Indian nationalists and their followers better understand the potentially devastating consequences of their words and deeds on the already fragile Indian economy as well as India’s poor.” Needless to say, economic measures to restrict Chinese companies have been top of mind.

Now, the app ban tangibly implements a kind of decoupling between India’s and China’s domestic digital spheres. Beijing has of course already recognized this fact. On June 30, a Chinese government spokesperson said Beijing is “strongly concerned” about India’s ban, adding that even though the Chinese government “always asks Chinese businesses to abide by international rules and local laws and regulations in their business cooperation’s with foreign countries,” the “Indian government has responsibility to uphold the legitimate rights of international investors, including Chinese ones.” But China’s full reaction has yet to publicly unfold, and it is certainly something to watch.

Even for the political and economic factors at play, the decision may be a small sign of some shared ground between India and the United States when it comes to data policy. The Modi and Trump administrations have had a somewhat fraught relationship over the past few years on this issue set. Washington has continually lobbied against proposed data localization rules in India which would require firms, both foreign and domestic, to store copies of data on Indian citizens within India’s geographic borders. US opposition to this measure—despite many justifications in India—has been and remains a key point of divergence in Washington and New Delhi’s digital trade relationship. India’s parliament has yet to pass the personal data protection bill which includes those rules.

But the Chinese apps decision highlights that divergence on some issues does not mean divergence on all; taking a singular approach to “digital” issues in fact combines many different issues, from cross-border data flow regulation to standards for artificial intelligence development to norms about offensive cyber behavior to supply chain security concerns about Chinese telecommunications equipment and, in this case, Chinese mobile applications. This doesn’t mean the solutions—i.e., broad decoupling based on country-of-origin of a digital product—are good. But it does mean that countries who share concerns about Chinese internet companies for economic and/or security reasons may increasingly see more opportunities for diplomatic cooperation and alignment.

The Indian government did not include information about how this ban will be implemented on the technical side. It’s possible that officials would ask app stores to remove those apps from view within the country—i.e., users in India won’t even see the option to download the app from the iOS App Store or from Google Play. This may not completely block access to the app, as citizens may be able to find workarounds to such measures, but it would definitely strike a blow. One media outlet has reported that officials are “informing all Indian internet service providers and telecom service providers” to block traffic to and from the apps. This would be more active state regulation of the internet, one that certainly provokes questions of censorship and citizens’ rights to free internet access notwithstanding alleged security risks at play. It would also fit into a trend of numerous government efforts to exert more control over the internet, like India leading the world in internet shutdowns in 2018 and 2019.

For other countries who have policymakers pushing similar proposals, India’s decision indicates potential for convergence and shared interest on some digital issues, even if there is divergence on others. In this case, there are clearly some mutually held beliefs between the Modi and Trump administrations about needing to economically decouple Chinese digital goods from the domestic market, though of course noting the current India-China situation is unique in its own right. Australia, Japan, some EU member states, and other countries may share these worries about Chinese internet platforms. And for those wanting more India-US cooperation on data policy, and multilateral cooperation beyond those two nations, that potential convergence is something on which to capitalize. But much of it will come back to watching how the situation in India evolves, seeing how China responds, and considering that even if concerns about Chinese apps or desires to decouple Chinese technology are shared, other countries may not want to mimic India’s proposed solution.

Justin Sherman (@jshermcyber) is a fellow at the Atlantic Council’s Cyber Statecraft Initiative.

Further reading: