When one raises their voice to speak about telecoms regulation, the common tangent is to speak against it, often referring to the many ways that the government is perceived as angling for access to its citizens’ private communications under a national security agenda, or battles between providers looking to either defend or grow their market share, lobbying actively for the Communications Authority of Kenya (CA) to take up preferred positions on policy matters.
However, in a market where mobile data is relatively affordable and consumer appetite for smarter devices is growing, we need to look at the regulation perspective through an additional lens and impress upon the regulator to drive decisive action.
Two reports from the recent past highlight this concern well.
The first pointed to the presence, in their millions, of what would be considered substandard mobile devices circulating in the market. The second — albeit from a different region — confirms a suspicion that I have had for a long time of rogue original equipment manufacturers (OEMs) covertly harvesting user data without consent, for onward additional monetisation beyond the sale or perhaps other ulterior motives.
Mobile devices running off the Android platform are most affected and for obvious reasons.
The Android code base is available under the non-copy left Apache licence that allows for modification and redistribution.
This is a double edged sword because it has led to amazing user experiences on innovative products but has also opened the doors, as any opportunity does, to rogue operators.
Put these two together and you begin to see the risks. Cheaper, smart, data enabled devices with preloaded applications that a user cannot uninstall or change related permissions potentially mean that on a daily basis personally identifying information from millions of users could be siphoned covertly.
The Kenya Bureau of Standards with their import mark do not cover this layer of consumer protection and watchdogs barely scratch the surface and may not even identify this as a risk or have the technical ability to examine it.
The CA should move to create a testing lab where all mobile phones destined for the local market are subjected to continuous and randomised vulnerability assessments with quarterly public reporting and a real-time reference portal that consumers can access to better inform purchase decisions.
It need not be said that any OEM found crossing the line should face stiff penalties including device recalls and compensation.
The regulator already has available resources under the Universal Service Fund that could be applied towards this proposed physical lab with a direct benefit to all 37 million plus mobile subscribers and goes a notch higher than simply spotting counterfeit products.
Data is the new gold and mobile ecosystems are the prime fields.