Telecom service provider Airtel is reportedly spying on its users, injecting code into their browsing sessions over its 3G networks. According to reports, Bangalore-based programmer Thejesh GN found the issue, and posted the source code to Github. It was further revealed that Airtel has tied up with Ericsson, which then hired an Israeli company called Flash Networks to inject the code into the browsing sessions. All of this was done without the knowledge of any Airtel user.
Interestingly, Thejesh was slapped by a cease and desist notice by Flash Networks, for publishing proprietary code on Github. While it’s unclear what exactly Airtel was using the code for, reports say Flash Networks helps mobile service providers to insert their own advertisements by intercepting users’ browsing sessions. When done without the knowledge of the user, this amounts to malpractice. The other question raised by various publications and people is how an Israeli company gets to threaten an Indian citizen for exposing what is essentially the truth.
Airtel has issued a statement in which it accepts the usage of the code, but says it wasn’t being used for illegal practices. Here’s Airtel’s statement,
This is a standard solution deployed by telcos globally to help their customers keep track of their data usage in terms of mega bytes used. It is therefore meant to improve customer experience and empower them to manage their usage. One of our network vendor partners has piloted this solution through a third party to help customers understand their data consumption in terms of volume of data used. As a responsible corporate, we have the highest regard for customer privacy and we follow a policy of zero tolerance with regard to the confidentiality of customer data.
We are also surprised at the Cease & Desist notice served by Flash Networks to Thejesh GN, and categorically state that we have no relation, whatsoever, with the notice.
Further, reports say that not only Airtel, but Vodafone is also allied to Flash Networks. While no reports have come in against the latter, it wouldn’t be a surprise if Vodafone is found to be doing this as well.
Update: Airtel has accepted that there is some extra bit of code injected, but has also called it a 'Standard Solution' to track user data usage.