A glaring example of government intrusion

The Bangladesh Telecommunication Regulatory Commission (BTRC) has mandated the use of Bijoy keyboard on all imported and locally manufactured Android smartphones. Smartphones will have to install and demonstrate the APK file supplied by BTRC prior to getting marketing permission, and failing to do so will result in not being granted a no-objection certificate (NOC).

Usually, the Android Package Kit (APK) of the mobile handset app is verified and approved by Google Play Store on the basis of its international standard. In this case, the source code is checked to see if there are any privacy-infringing elements, malware, or any viruses or data theft interfaces. Contradicting this, the direction of BTRC, bypassing Google Play Store's safe and standard practice to install an APK separately, has triggered suspicion and mistrust in users.

In the past, a Bangladeshi IT firm called SK Technologies had raised questions about Bijoy's activities on social media with evidence. It alleged that Bijoy was stealing customers' information by adding malicious code to its software and that a Trojan was found in Bijoy Ekushe and Bijoy Ekattor softwares. According to antivirus software company Avira's virus lab report, the task of a Trojan virus is to steal user information.

Recently, the home minister confirmed that modern technology, like Open-Source Intelligence Technology (OSINT), has been added to the NTMC (National Telecommunication Monitoring Centre) to stop various activities against the country and government through social media monitoring (surveillance) on the internet. At the same time, an initiative has been taken to launch an integrated lawful interception system (a system of lawfully intercepting communication through mobile phone and internet). Transparency International, Bangladesh (TIB) expressed concerns over this and stated that such a move threatens citizens' rights. 

BTRC's directive to pre-install the Bijoy keyboard on all Android phones is an absurd, ridiculous, and rights-violating decision. The government has announced massive telecommunication, broadband, and internet data interception infrastructure deployment recently. Moreover, Israeli media outlet Haaretz alleged that Israeli spy tech has been sold to Bangladesh. Reportedly, advanced cyber tools to intercept mobile and internet traffic were sold to the Interior Ministry, internal security agency, and armed forces via Cyprus.

Bangladesh does not yet have any citizen data privacy protection legal framework. In such a vulnerable context, the BTRC's directive is a matter of great concern that should be checked for any intention to steal users' location, confidential information, financial information, passwords, or to trace their financial transactions. 

The biggest risk of the Bijoy keyboard being pre-installed is the threat it poses to citizens' privacy. As internet security and VPN expert KG Orphanides has written for Trusted Reviews, "You wouldn't think a smartphone keyboard could impact your digital privacy. But this is actually the case. Powered by machine learning, many smartphone keyboards apps send back samples of what you type to the company that owns them."

Also, there is a conflict of interest here. Being the Minister of Telecommunication, Jabbar cannot give instructions to the BTRC to use his own company's software. According to LIRNEasia's senior policy fellow Abu Saeed Khan, "This unlawful decree unequivocally raised a conflict of interest as the incumbent telecoms minister is Bijoy's patent-holder." 

Bijoy is only used in some public sector computers, Bangla printing outlets, and partially in the publishing industry. To put this into perspective, as of January 17, the Bijoy keyboard, which has a 2.9 stars rating, was downloaded 50,000 times from the Google Play Store, while Ridmik Keyboard, which has a 4.3 stars rating, has over five crore downloads. But other businesses and innovative competitors will surely lag behind if the BTRC directive is implemented. 

Though it has been said that no information will be collected by the keyboard, non-technical BTRC management have no way of confirming this because Bijoy's keyboard is not open source. The APK file may be clean in the beginning but, later on, location, confidential, and private data might be harvested by the keyboard. So, even if the APK file remains on the phone without use, it could become unsafe.

Although the app is free, there are sources of income within it for Bijoy from the in-app ads. So, there is also a possibility of crowd-sourcing app data being sold.

When switching the keyboard option from Google to Bijoy, the Android system alert itself warns that the particular keyboard input method could steal personal information like passwords or credit card numbers. 

Apart from the conflict of interest, this monopoly would be considered punishable under the Competition Act 2012 of Bangladesh. It cannot be ruled out that there may be a link between the government's crackdown on mobile phones and the BTRC's directive. As the general election is approaching, there has been more than a glimpse of growing unrest within the government. 

It is people's right to choose what method they use to input personal data in their devices. As such, the BTRC should recall the above-discussed instructions. If not, the upper court must be urged to intervene. 

Faiz Ahmad Taiyeb is a senior solution architect at Vodafone Ziggo Netherlands. He writes on sustainable development. Email: faiz.taiyeb@gmail.com