Where are”Made in India” products ?

At start of 2016, I wanted to experiment to purchase more  Indian stuff. The experiment made me realize different aspects of life and economy. The more I went by bus and cycle, the awareness of ground reality becomes more evident. For first time, I have decided to move to Khadi shirts and already put the same in action.

Observing books & gadgets where I spend most of my time, i was not proud of my purchases and usage.

  • Used Nokia and Blackberry phones earlier. Our home sees usage of kindle, iPod and iPads. Where is Indian device?
  • Use Facebook, LinkedIn, twitter, Ever-note, Dropbox and Skype. Where is popular Indian software or mobile app?
  • Use GMail, YoutTube, Yahoo without memory that they are not Indian brands. Same with HP , DELL or IBM/lenovo laptop. where is Indian laptop? .
  • Read  yourstory.com articles and used to comment my view. Realized I am forced to perform Facebook login and post comments, decided not to post comments.Thanks To Yourstory.com for regional language focused stories, while all is in English
  • Adhaar uses bio-metric devices manufactured from foreign locations. Do i believe that my tax money is utilized well for my country’s own welfare? I did not get Adhaar.
  • I purchased Tamil books in shops. As online market place sells books at deep discount, I buy books in the online market place. Still I am resisting the urge to buy a paid book on kindle for myself to read. Should I pay more price and buy book in shop?

I wanted to buy new phone. Apple phones are too costly and do not fit with “Value for money” concept. Moto is China brand and unsure of reliability. The market flooded with Samsung and brands of Chinese phones. Brands like Nokia and Blackberry are dead. Microsoft is in ICU or brain dead.  Clearly indicates that India is consumer market for foreign smart phones and is not innovation center for smart phones.

While I was at school, my friend’s brother  worked for C- DOT. On his home visit, we hear his work place experiences of what they are creating for India. Their creation and transition to digital telecom switch technologies was fore-runner to enable Indians to leapfrog from analog phone era to digital phone era with STD booths.

Today, What to say my daughter about what is created in India?  My daughters do not get to experience STD booth in the current era of internet and smart phones.

When I look back to 90s era when I was at high school, I do not remember many reliable Indian brands of Television and VCR players. Then the market was flooded with foreign TV brands. We see a similar trend in refrigerators and washing machines. You see the same trend has come to smartphone industry.

Earlier mobile phones arrived with US brand or Europe brand (manufactured else where). Brands like Nokia, Blackberry and Samsung were more prevalent when the market was small.  As the demand for mobile devices increased, new  Indian brands like  Micromax and Spice introduced. These brands manufactured smart phones in China and distributed in India and did not have better relaibility or better service centers like NOKIA

Except Nokia, no mobile manufacturer hosted a manufacturing facility in India.With no expertise to manufacture smart phone, innovation benefit from mobile smart phone  hardware is lost for Indian economy.

Today Chinese companies have sold to more than 90% of their country people and find their market saturated. In their search for new markets, they look at India, which is new market for Chinese.  With advantage of manufacturing and innovation, Chinese companies are leveraging free Indian market places like flipkart.com and snapdeal.com to reach to Indian consumer and offer phones at low prices and large benefits . See article

Effectively Indian customers and e-market places are collaborating to enable Chinese manufacturers to dominate and take over smart phone market. Chinese companies have money to advertise phone features and sell at lower cost as they own the factories and creation.

While I understand that support for Indian entrepreneur to stand up Chinese dominance from India is less, working in IT industry in Bangalore gives me a feeling that I am part of creating problem ad Indian customer and Indian IT professional.   

  • Indian customer purchases mobile phones and devices from foreign brands. Indian customer purchases apps from foreign brands.
  • Indian professional work for foreign companies and earn huge salaries. Salaries paid in Indian Rupees are  smaller than profit earned in dollars. Indian professional fail to learn nuances to launch their own products and make it successful.
  • The impact of automation on jobs will have more impact in India than in USA. Indian service companies in BPO and IT sector will need less number of people for jobs.
  • The new behavior of buying new phones in every 2 years is helping established foreign companies to capture Indian market and get a strong foothold here.

Need to do something. Write to me your thoughts.

Be watchful of online Shopping Behavior

Do you purchase things very frequently online? Do you buy unnecessary item as there is a discount offer for item in online market-place?

Today we can purchase most items via online market place. Online shopping have their own benefits that is not available on purchase via shops. Women can purchase items like napkins, inner wear online with freedom and hesitation. Your choices are not limited by the brands displayed by shopkeeper. You can read reviews on items to be purchased and make sure about item quality, prior to placing order. Once the item gets packed and arrives at your home, you can pay for the same, added with convenience and avoiding traffic jam. I agree with these benefits of online shopping.

Sharing my experience with Thanksgiving day Sale in first year of my stay in USA. I stood on queue to enter shop with a friend at 4 am, assuming best branded items were available at discount. No, I was wrong. Unknown brand items and items not sold, outdated items were on offer.

Interacting with people made me realize that the sale is an opportunity for companies to push items not sold in year at discount. People get lured by discount and make purchases without clarity whether items are really needed, add to their credit card bill, which gets paid till next year sale. I did not visit next year.

addiction present.png

Ask yourself questions: Have you made use of things bought by you in last 6 months? Do you remembers items bought by you across last 6 months? What did you forget? Are there any unopened package lying around? Have you noticed office colleagues spend time on online shopping and running to front gate to pick up delivery and coordinating with delivery boy for logistics. Have you observed, a set of unopen e-eCommerce packets at friend or colleague desk? Your colleague or friend is not solely responsible for their state. May be they are addicted to online shopping.

One may get surprised to hear the word “addiction” used here. You may have heard the word addiction used with excessive cigarette smoking, alcohol or  drug consumption. Yes online shopping can become addiction. Let us understand more.

On browsing and viewing a particular item or particular book on eCommerce site,  the same item gets displayed as ads in web pages of the non-commerce website like your email or social networking sites. A weak person to shopping may end up purchasing the item. For convenience, people have permitted  self tracking from different aspects. This means advertisers to know about your behavior patterns and the possible ways that you can be attracted to make a purchase. The advertisers may also know industry you work, and lure displaying items bought by your peers or folks in your social networks. When items you like/ are displayed, there is more probability for you to  buy item.

images sad

Track the amount of time spend on the online shopping sites. May be you think that time is saved by purchasing online. Measure time spend before coming to decision whether online shopping saves time or consumes more time. Check whether you have already got the habit of impulsive buying?

influencer

 

The human mind is wired to focus on one thing at a time. So a big minus on the price tag can easily divert your attention from everything else. All you can focus on is getting the deal cheaper than everyone else, and it’s easy to overlook value. That is exactly the bait the eCommerce companies have laid for you.

Keep asking ” Do I purchase for the sake of buying or I have a need for item and buy the same.” Advent of payment banks and digital wallets can lead people to spend more money. If you fear being addicted to online shopping.

1.Go to eCommerce site and look at “My orders” section. Folks using multiple social networking accounts to login and make purchase needs to create a consolidated view from all accounts where you have made purchase. You also start to see categories where more items are purchased.

2.Calculate consolidated expenses on your debit cards and credit cards. Compare the same with year back or period when you were not doing much of online purchases. Have you started to spend more money on shopping? Create a saving goal to be achieve in the next 6 months and that would help you to restrict your impulsive buying.

3. Observe your behavior when your online purchased item is not delivered on time. Do you waste time coordinating and get frustrated and post harsh comments on twitter? These frustrated moments indicate your attitude towards online shopping and are times to self observe to understand your behavior towards online shopping. When we crib about other’s inefficiency, first observe yourself for becoming addicted.

For people realizing their addiction to online shopping, 3 things to start with.
• Uninstall shopping related mobile application.
• Push all the promotional emails from eCommerce websites in to your spam folder.
• Unsubscribe for promotional emails from online commerce sites. (Do not expect commerce sites to make this process seamless).

To complete, while there is none to help you learn to save, there are lot of IT start-ups helping you to spend money and get loans in easy and convenience of your home. We are in era similar to era where credit cards were introduced. Like people suffered by overspending on credit cards, people will suffer from online shopping addiction.

Much more happens to influence your attitude towards online shopping, leading to addictions. Is there Indian re-habitation center to help online shopping addicts?

De-addiction

When Nokia Lumia 525 gets upgraded to Win 10?

I have iPad bought in 2011 from Apple. My device gets upgraded every year. The one thing missing in iPad is recording voice. My daughters used this feature extensively and were unhappy. They are still happy with iPad as other features continue to work with new releases also.

I bought Nokia Lumina 525 in 2014. I installed few mobile apps on  phone. For last 6 months, there are no application upgrades for phone.  Software Uploads and Downloads page for 525  specified latest version as 8.10.14219.341 which is on the phone. My phone has this version 8.10.14219.341.  Microsoft support site  claims that my phone version is eligible for the advantage of the upgrade to Windows 10.

None of my apps seem to work properly including LinkedIn and neither they have updates. Application developers have not provided updates as Microsoft has paused the upgrade to Windows 10 as mentioned in Microsoft  pauses Lumia 520, 525 updates.

As developer, I have windows 10 on my home  and work laptop. I need to purchase a new phone to develop an application that works both on computer and mobile.

I do not like to be in this stage. I do not like to be made to wait for upgrade. Should I trust Microsoft to provide upgrade at all? Will it become hoax? With no upgrade available, this phone bought close to Rs 10,000 has proved that it is not value for money compared to my wife android phone bought for Rs 6,000.

 

Mobile App Security – Developer Tips

Developing hybrid mobile apps to work in both online-offline mode exposed me to security flaws/loopholes in android system, that needs to be considered in mobile app. Recommend a visit to Open Web Application Security Project (OWASP) for tips to improve the security

Here are pointers that i noted specific to mobile over time. To start with I recommend an approach to security flaws in mobile app to be holistic and wholesome. Identify all possible areas of application attack, including client application, API back-end, server and database related vulnerabilities. An entry point at any of these places may cause a threat to the whole application/it’s data. Are you sure that there is no security vulnerability in code connecting with API back-end(social network)?

Mobile application may unintentionally leak sensitive data to attacker. One Commonly observes that developers leave private key in plain form in source code after implementing cryptography to safeguard data. .

  • Ensure that code used for logging during development phase does not have data that make application prone to leaks.
  • Do not keep any sensitive data to be present as part of the code. Any attacker with access to the binary can decompile the app and view sensitive data in the source code.
  • When user copies sensitive data( ex: security answer) from the app, & place the data on device clipboard, data is available for copy (hacked) to other apps without knowledge of the first app.
  • Native apps can be easily reverse engineered and Java source code viewed. The attacker can see source code and any sensitive data hard-coded in the code. The hacker can modify the code in the app,re-compile it and distribute the apps in the third party markets.

Mobiles allow to store data at client side. Does your app stores sensitive ,confidential and private data on the device? An attacker with physical access to the device gains access to this data and can perform anything. A malicious app gains access to this data in a rooted/ Jailbroken device.  Be aware that data stored on SD card can be vulnerable as it is possible for other apps to read this data from the SD card.

  • Avoid storing private or sensitive data on SDCard.  To store data in SDCard, encrypt the data and keep it away from attacker’s control.
  • Please do not print sensitive information like username, password, web service URL, request or response, etc in the LogCat.
  • To  store app data across user sessions, choose Internal Storage  in private(Context.MODE_PRIVATE) mode. The created file can be accessed by calling application(or all apps sharing the same user ID).
  • Input validation is required in mobile applications. On no input validation is in place, the mobile app becomes source of security flaws for server code like SQL injection, Command Injection, Cross Site Scripting vulnerabilities.

App should expire sessions found inactive for a particular period of time, so that attackers cannot make malicious requests to the server. All requests should be time stamped on client side and expire after a period of time as defined on the server side. A shared secret known only by the client and server, used by the client to sign requests, prevents the server from accepting those that are  modified. Limit the amount of time a request is valid, as the longer a request is valid.

In Mobile Web app development,  WebView class has major role to display web pages as a part of activity layout and does not include navigation controls or an address bar. While WebView helps to display content from locally stored HTML or fetch HTML and other content from server, WebView and associated components needs to be restricted to access local data. Beware of major security concerns with setAllowFileAccess() and setAllowContentAccess() methods

Restrict Content Provider using exported flag set as false. It’s not the case that every time we develop Content Provider for data exchange between applications but Content Provider can be developed for single application or private.

Be aware of the safeguards that can be implemented for data Exchange that happens between activities of a app or between apps on the device.

  • Use LocalBroadcastManager for broadcast data within process/app. When you broadcast data, the data won’t leave your app, there is no worry about leaking private data. Do not pass sensitive information through Broadcast & Intent.
  • Prior to processing Intent received by onReceive() method of BroadcastReceiver, program needs to validate the caller’s package name, action and other related information. When permission attribute is set, the receiver gets protected. Only broadcasters who are granted this permission (by requesting it with the <uses-permission> tag in their AndroidManifest.xml) will be able to send Intent to the receiver and this helps to secure the android application from malicious intents.
  • Set exported flag as false if the activity is only for the internal use of the application. <activity android:name=”view.MyActivity” android:exported=”false”> </activity>

Precautions related to Server Requests

Servers connected to mobile application should treat every request from the application as a possible attack and should confirm the authenticity of every request. All communications via app should be safeguarded to prevent attackers from reading wireless communications.

  • Verify for special characters in input of mobile app to help in preventing XSS attack.
  • URLEncode and HTMLEncode can be used to encode the output data received as input.

To end, today one sees new innovations around reward points and mobile wallets. This may not involve integrating with payment gateway of banks that demand highest level of security. Still, Do not make them easy to break and steal.  Any leak in areas(like rewards) has significant impact on the app branding.  Ensure that code working with mobile wallet adheres to security guidelines, similar to money related transactions.

Mobile App Security – Be-aware end users.

You hear that Android is open source and  developers all over world have a chance to create creative and innovative apps. You download different apps to experiment. Some apps get used regularly and some apps used only once and some not even once. You end up with quite few apps installed on the device. Do these apps make you vulnerable for security attacks?.

Security vulnerability is not limited only to android. Being an open source system, hackers easily find a predictable method to break-in android using the few regular actions performed by end user( end-user assumes security is granted). This applies to either consumer app or enterprise app.

  • Be aware of risks to install unknown third party app:  In simple wallpaper app and complex native app, application may request user permissions on the device to allow device to perform  restrictive actions. These third party apps are good host for third party hacks. You installed app lured or introduced thru social networks.
  • Be aware of Cloned Version of app present : On searching for app with name of specific brand, You find there are multiple Cloned version of app in app store search results. In hurry, you install one which you consider correct one. What happens when installed app is wrong one?  When user enters data in this app, the data directly goes to hackers. More than 50% of market place android apps have cloned versions.
  • Insecure wi-fi You happily connected to insecure wi-fi in public places like cafe, malls and airport. As you did not take special precautions to use a hot spot, an  attacker may sit in and eavesdrop on the data being passed from the app or inject malicious data in to your device through insecure wi-fi
  • Devices do not encrypt internet and local network communications. Even when wi-fi is security safe, the network faults can impact you.
  • Software updates are not downloaded securely, enabling attackers to intercept what gets downloaded. By adding malicious code, hacker can attempt to gain access to track all user activities on the device.
  • Access to latest software in device When security flaws are found in mobile OS, patches are released to secure your device. Some of you would claim that mobile carrier has assured download of latest updates. Be warned to fact that most devices don’t receive the fix right away, if ever, manufacturers are notoriously slow in providing updates and are also delayed by lengthy internal testing prior to software’s official release.
  • Session left active when app exited. You have been happy that you were asked to login to app only first time and then there was no need to login again.  Be prepared that closure of app does not mean that app is logged out of the server and session is valid. Any attacker can pick up this valid session and steal data, funds or merchandise stored in server.

Citizens + IT + Chennai Rains 2015

We can sit closely and enjoy the moments, when nature Sings.. But when nature shouts, it makes the situation very tough and sad.
Across Chennai rain fiasco, my mind started to review assumptions on technology like whether power is  available around clock and how good is mobile technology solution enabler in times of emergency.

While we see positive benefits of sharing  information using Facebook and WhatsApp to enable better in  rescue  and relief operations and also see that social media & mobile helped to know happening in Chennai, collect relief in Bangalore and send across to Chennai, first hand experience Chennai Come December led me to “What are challenges faced by people?

Mobiles did not work in Chennai at need of hour. Parents and children have cultivated habit of talking every day on mobile. When they could not talk during uncertain times, it created anxiety and fear. My wife’s face reflected this and also parents coming to Chennai as they did not talk for 4 days to their daughters. In reality, Chennai folks were safe. Expand beyond mobile only dependency to keep in touch with loved ones.

Cellular companies shared unavailability of power and/or diesel generators as reason for cellular towers not work and hence mobile calls were not reliable. Seems that without power infrastructure in India, we should not put trust and belief in  mobile reliability. Work places in Bangalore faced  internet connectivity failure as NOC center of internet provider located at Chennai failed due to reasons. I do not want to ask why things failed. My question is how far to believe technology solves society’s problems? Remember  power of mobile depends on electricity and take care to ensure that mobile outage does not impact your life.

My friends in Chennai talked of getting  pump to remove water from second basements. They were unfortunate to not have power and neither diesel generator working to power pumps. Be prepared and always be used to perform human labor. Even robots stop working without power.

Bank ATMs failed to work in Chennai.Some worked and had no cash.  More at ” people have little cash, need to rely on generous shopkeepers“. ATM working is more important in  emergency times compared to normal times. Same issue also exists in normal days. Would banks look for creating reliability & resilience  in ATM operations? Does bank branches open on weekend being aware of Chennai floods impact on ATMs? ICICI Bank, HDFC Bank, SBI unveil slew of initiatives for rain hit clients  Keep some cash sufficient for basic survival  for at-least one week. One

Lot  make use of Ola and Uber for transport. You order food from online grocery. Folks did not get Ola/ Uber cabs in flooded areas of Chennai. Not sure of grocery apps status. Some of us have developed habit to buy groceries and vegetables on-demand and maintain less stock  at home. Please  read  Left in the lurch and  Rains Keep Taxis Off Roads; Auto Drivers Make a Killing.Continue to hold your car. Continue to maintain extra stock of  10 kg flour bag or 25 kg rice bag at home. Ensure presence of alternate sources to procure groceries in addition to on-demand providers .

Coming to IT organizations ,  media news made me wonder how much IT firms value the employee & their family welfare  in emergency when  there is also challenge for business continuity.

Though I restrain  to make quick judgement, I see emergence of two different opinions. IT companies took care of  employee welfare . Families failed to get support of IT employee as the IT employee was stuck at office and the house got flooded with water.  Which one is true?

Another learning was about the impact of sacrifice of  Pallikaranai marshlands  to accommodate the IT corridor.  When I studied in Chennai, i have observed large green cover during my travel on east Tambaram to  Velachery , which has reduced significantly today.

IT_at_Pallikaranai

While we start with question how the government approved , I transition to the basic question “Did intellectual IT industry perform feasibility study on IT corridor prior to moving?  Did they assume that rainwater to offers exemption to elite industry, similar to Indian govt?”.  Rainwater does not care  of  work in software parks in its own habit to occupy its old places and brought back-office work of American banks to a grinding halt.

Ending my blog post with image with Tamil Wordings, from Facebook. Rice is not present on internet

What next after Uber ban ?

After unfortunate event for Indian women in Delhi, and government decision to ban Uber, media is populated with articles that project problems faced by taxi drivers due to ban and more of the drivers and taxi company perspective. After reading   A wide new world by , I decided to write this blog to re-emphasize focus on passenger (customer) needs of safety and compliance’s to be adhered by taxi providers.

Here are some articles. Behind the smoke and noise, what’s next for taxi companiesCab drivers go extra mile to toe the line, post Uber crisisDelhi rape case: 5 reasons why banning taxi companies may not be a good idea and Ban on Uber Service in India Causes Lenders to Halt Taxi Loans . The government officials acknowledge that ban is not the right step to be taken and accept their unpreparedness resulting to prefer a ban as short term step. Here are pointers to help government to come with guidelines for taxi Company and taxi drivers offering service based on technology.

I acknowledge that these regulations are not in place for traditional taxi companies across India. Today innovation is driven by technology and marketing (reduced price and ads) of taxi companies. Let us realize that the new innovation matters only to 10 to 20% of Indian population that has affordability to travel by cars and the remaining 80% uses public transport and no one innovates for public transport.

Government has expenses to perform compliance checks like background check for the driver and also setup systems to help audit taxi companies. The government also needs to setup corpus to fund service at emergency times. Should the government pay all expenses with tax payer money?  Hence we need to acknowledge the government needs money to act on changes coming from new innovation offering convenience for affordable passengers using mobile application and enables cab drivers to earn more money.

Can taxi provider help government to develop new initiative to bring compliance in to space? The taxi provider would develop trust in minds of the passenger by creating the positive experience for passengers.  The government needs to ensure that following stakeholder needs are addressed when passenger hires car using technology/mobile.

  • Passenger: utilizes the service and pay for the service.
  • Consumer Forum: represent all passengers and work for their benefit.
  • Cab Driver: offers the service. Assume that car driver is car owner and hence one more stakeholder.
  • Car Owner: owns the car and shares the responsibility and profit with drivers. When car is bought by driver, leasing company is owner.
  • Taxi Company:enables driver and passenger to connect and complete service. They might use technology for this connection.
  • Cellular operator: This entity is involved when the taxi company uses mobile technology to connect them.
  • GPS device manufacturer: What is GPS compliance levels for devices to be installed in car for taxi company to allow car and drivers to board on their market place?
  • Consumer Technology Expert:  A non-IT person cannot understand impact of technology on consumer.

The taxi providers can help the government  to setup transport authority as follows

  • Committee: To represent all the above 6 stakeholders
  • Publish Guidelines to be adhered by stakeholders online. Have mechanism to collect feedback from public and experts prior to guideline’s become approved as policy.
  • Taxi Service Compliance Approver approve stakeholders based on adherence to guidelines. The approver can audit the system of the taxi companies on regular basis for compliance.
  • Police support to facilitate in areas of emergency and enforce responsibility of stakeholders at times of emergency including insurance
  • Taxi Passenger Ombudsman to help aggrieved passengers to get compensation in genuine cases like loss due to service not provided for passenger. The ombudsman can recommend to police for suspension of taxi drivers and also suspension of taxi companies.
  • Training department: Drivers need to undergo the training or self-learn, similar to driving license and undergo tests approved by RTO office. The questions shall be in language of driver. The answers need to be recorded and are available for police and taxi companies to access prior to approving the driver.

In addition the taxi companies can also facilitate the transport authority to come with operational guidelines.

  • Not involve in areas of price conflicts and Distance conflicts between passenger and driver. The taxi company would get involved here.
  • Not involve to fix price per km for pricing for service. The government and oil companies would influence here.
  • Help government to collect services taxes and approval fees from stakeholders.
  • Collect deposit for emergency fund to support emergency scenarios due to non-compliance.
  • Coordinate with police to perform background check of drivers and provide police with the guidelines that taxi company needs to comply.
  • Help to collect any overhead charges needed to build system and operations cost for police to support taxi providers.