When one raises their voice to speak about telecommunications regulation, the common tangent is to speak against it, often referring to the many ways that the state is perceived as angling for access to its citizens private communications under a national security agenda or battles between providers looking to either defend or grow their market share, lobbying actively for the Communications Authority of Kenya (CAK) to take up preferred positions on policy matters.

However, in a market where mobile data is relatively affordable and consumer appetite for smarter devices grows, we need to look at the regulation perspective through an additional lens and impress upon the regulator to drive decisive action.

Fake mobile phones and the harvesting of data

Two reports from the recent past highlight this concern well.

The first pointed to the presence, in their millions, of what would be considered substandard mobile devices circulating in the market. The second, albeit from a different region confirms a suspicion that I have had for a long time of rogue Original Equipment Manufacturers (OEMs) covertly harvesting user data without consent, for onward additional monetization beyond the sale or perhaps other ulterior motives.

Mobile devices running off the Android platform are most affected and for obvious reasons. The Android code base is available under the non-copy left Apache license that allows for modification and redistribution. This is a double edged sword because it has led to amazing user experiences on innovative products but has also opened the doors, as any opportunity does, to rogue operators.

Put these two together and you begin to see the risks.

Privacy concerns

Cheaper, smart, data enabled devices with pre-loaded applications that a user cannot uninstall or change related permissions potentially means that on a daily basis personally identifying information from millions of users could be siphoned covertly.

The Kenya Bureau of Standards, with its import mark, does not cover this layer of consumer protection and consumer watchdogs barely scratch the surface and may not even identify this as a risk or have the technical ability to examine it.

The CAK should move to create a testing lab where all mobile phones destined for the local market are subjected to continuous and randomized vulnerability assessments with quarterly public reporting and a real-time reference portal that consumers can access to better inform purchase decisions. It need not be said that any OEM found crossing the line should face stiff penalties including device recalls and compensation.

The regulator already has available resources under the Universal Service Fund that could be applied towards this proposed physical lab with a direct benefit to all thirty seven million plus mobile subscribers in Kenya.

Data is the new gold and mobile ecosystems are the prime fields.


Cover image credit: Transsion Holdings.