Opinions of Tuesday, 20 October 2020

Columnist: Samuel Dowuona

#DataMustFall or #DataLeakageMustFall – Part 2

A file photo showing some mobile apps A file photo showing some mobile apps

In part one of the write up on whether the challenge facing Ghanaians is that of high data cost or rampant data leakage, this writer set the context – indicating, with scientific evidence from expert industry organizations that data prices in Ghana have been on the decline for some years now. Ghana has the six lowest data cost in Africa and 34th in the world, out of 228 countries captured in a study.

So, the real issues, as Techgh24 gathered from several respondents on social media, have to do with data leakage and quality of service. The issue of quality of service was addressed with evidence from the National Communication Authority’s quality of service (QoS) Report for quarter three 2020, which indicates that, largely, telcos are doing well on QoS in majority of regions, with hitches mainly in the Volta Region and the northern part of the country. This brings the discussion down to data leakage and the causal factors.

Taxes

Top on the list is taxes, which is controlled entirely by government. As mentioned in part one of this article, for every airtime purchased, the consumer is paying a quantum of 22.5% in taxes, comprising of 12.5% VAT, 2.5% NHIL, 2.5% GETFL and 5% CST. So, until such a time when government decides that Ghanaians should no longer pay some or all of those taxes, they will continue to steal (so to speak) our air/data value away. Telcos are required by law to withhold 22.5% of the value of every airtime or data a customer buys and uses, and pay it forward to the taxman.

When CST was 6%, telcos made us believe they absorbed it on behalf of the consumer. In other words, they paid the equivalent of the 6% of every airtime the consumer use, but they did not take it from the consumers airtime or data bundle. But when the tax went up to 9%, telcos passed on the entire 9% to the consumer, which is not wrong because the tax is and has always been a consumer tax anyway.

One of the reasons telcos may have decided to pass the tax on to consumers is that, even though the tax is a consumer tax, the 2013 amendment to the CST law also placed CST on interconnect earnings of telcos. So, for instance, if an MTN customer made a call to a Vodafone customer, MTN is supposed to pay Vodafone an interconnect fee for allowing an MTN call to terminate on its network. The 2013 CST Amendment Act, Act 864 says CST should be charged on that interconnect rate as well.

The challenge here is this – first of all, CST is strictly a consumer/retail tax, not a corporate/wholesale tax. Secondly when the MTN customer made the call, he or she would have already paid CST; so why charge another CST on the rate MTN is paying to Vodafone? Thirdly, telcos do not charge their customers for receiving calls, so, why would government slap another tax on a purely wholesale earning of the telcos, for which they would be paying corporate tax anyway? Government’s obsession with taxing telecom revenue, by hook or crook, is part of the reasons Ghanaians may not be getting value for the money they spend on mobile data.

Indeed, the CEO of the Ghana Chamber of Telecommunications, Ing. Dr. Kenneth Edem Ashigbey agreed with the campaigners of the #DataMustFall on the need to reduce data prices, except his solution is not for telcos to absorb taxes but for government to scrap the CST and also abolish that 9% charged on interconnect rate, which amounts to double taxation.

Malware

One major group of data thieves are malicious malware, either hiding in the smartphone itself or in the Apps we downloads. Recently, cybersecurity and anti-fraud company, Upstream, via their expert member, Secure-D discovered and published some very worry malicious activities by some malware in some affordable handsets from China in particular, and also in several Apps on the Google Play Store in particular and the Apple Store. Some of these Apps, like Xender, are very popular the world over. In fact, in their report, Secure-D mentioned Ghana as one of the countries at risk of at least about ten of those malicious malwares that steal data and can steal even money from any account linked to one’s phone details.

The list of malware-infested Apps on the Google Play Store, to which Ghanaians are exposed include Xender, Ludo Game, Status Saver, Private Zone, Phoenix Browser, Face Makeup Camera and Beauty Photo Makeup Editor, Screen Recorder With Audio And Editor & Screenshot, VivaVideo Lite, CallApp, Children’s and Foot Doctor. A lot of the Apps on the Secure-D list have been removed from the Google Play Store. But those listed above are still in there, despite Google being made aware of their inimical features. The reason may be because those Apps, like Xender, are very popular and are cash cows for Google, as the downloads are in 100s of millions. Techgh24 reached out to Secure-D and they confirmed in a letter that indeed all those malicious malware-infect Apps listed above are still on the Google Play Store

Another cybersecurity company, Zscaler also discovered some 17 other Apps on the Google Play Store also contain one of the most malicious malwares called Joker, which was later found in an additional six Apps by Pradeo . Google itself, reported removed 1,700 from the Google Play Store because they were found to contain Joker and another malware called Terracota, which infected over 94,800 Apps. Other malicious malware found in Apps include PreAMo, X-Helper, and others. The list is endless. But Google has removed some, while others remain, and Ghanaians remain at risk.

Beyond the malicious malwares in Apps, one China-made affordable smartphone, Tecno W2 in particular, was also found containing a malware called Triada, which was installed in the phone itself, such that even if the user completely formats the phone back to factory settings, the malware would never be flushed out. Triada downloads X-Helper automatically, which then downloads other Apps on behalf of the phone users without authorization from the user. Those Apps would then be on the phone without the knowledge of the owner – they continue to perform activities and consume data and battery power. Some of those Apps also expose the user to unsolicited advertising and even to cyber criminals. Tecno W2 was in Ghana in 2015 and no one even knew they had malicious malware. What is important now is, currently, equally dangerous malwares exist on both the Android and Apple stores and Ghanaians are still at risk.

Hidden malware is not something one can blame the telcos for. It is entirely within the purview of the regulator (who is paid with taxpayers’ money) to ensure that devices that come into this country, and Apps used in this country are properly checked to ensure they do not carry malicious malware. Hitherto, it was within the purview of only the telecoms regulator, NCA, but another layer of regulation and supposedly, protection, has been added to it – the Center for Cybersecurity, which is another drain on tax revenue. The question then is, apart from organizing annual Cybersecurity Month to talk about the subject, what exactly is the center doing to protect Ghanaians from real and present dangers like malicious malware in phones and Apps? That is what is important – how Ghanaians benefit from the work of the center, and not the discussion of abstract phenomena at conferences.

Speaking of cheap Chinese phones – A4AI has said that even the so-called affordable phones are too expensive for many people in the developing world, such that about three billion of the world’s population are not online, largely because they cannot even afford “affordable” phones. This situation gives makers of affordable handsets a big market in developing countries like Ghana, and that puts people in those countries at the risk of buying more than they bargained for.

The best solution would have been for consumers to steer clear of affordable handsets, particularly from China, to avoid the possibility of being exposed to any factory-installed malware like Triada because the Cybersecurity Center and NCA do not seem to be on top of dealing with such issues on behalf of the populace who pay them. Till date, it is not clear what the cybersecurity center is doing in that respect and it is not also clear if the NCA has, as part of its type approval policy, a list of standards for mobile devices that come into the country. Chinese handheld devices in particular do not have unique IMEIs and yet they come into the country in their droves and the regulator is sitting by either unconcerned or helpless. That is a big problem.

Again, the manufacturers of such malware-infested affordable phones would say and do anything to avoid responsibility. Tecno W2 is a product of Transsion Holdings in China, the same company that manufactures Infinix and Itel phones. Techgh24 has since the news broke about Triada, reached out to Transsion through the contact page on their website and also via email. It has been more two months and they have not bothered to reply to our query. Indeed, when they were exposed in South Africa, the response from their country manager was that a third-party company they employed to play a role in the manufacturing process, was the one who installed the malware without their knowledge. Such a flimsy, porous, disingenuous, unethical and convenient excuse just to get off the hook. They failed to name which third party company it was, and they also failed to compensate victims of the malware.

So, as long as Ghanaians continue to patronize affordable handsets, the risk is still there. Again, to the extent that Android phones are the most used phones in Ghana, the risk of downloading a malware-infected App is still very high. But at least the known ones have been listed above for the benefit of Ghanaian, so they can avoid being victims of malicious malware in enticing Apps.

App updates

Beyond taxes and malware, however, are several default activities on smart devices, which do not need prompting to occur. Apps updates is one of them. Many smart device users think the only time their data run out is when they are on the internet browsing, streaming, downloading or uploading stuff. Often, people say “I bought X amount of data last month and it lasted me for the whole month, but when I bought same amount again this month, it got finished in just a week or a day”. News flash: data consumption has nothing to do with time like many people think. It has to do with bytes. Depending on what one uses the data for, the same amount of data can finish in one hour or one year, particular now that there is no expiry date on majority of data bundles.

It is also important to make the point here that the very essence of a smartphone/tablet is its ability to perform functions without the user necessarily issuing a command. For instance, several Apps do update automatically and all of that consume data. This is no longer rocket science or an abstract phenomenon. The Apps updates is part of why the customer gets great experience on the device. If the updates don’t happen, the device would at some point begin to function abysmally. So, the fact that the consumer is not browsing does not mean the data is necessarily intact.

Closely related to Apps update is Operating System Update. This one happens at certain times of the night. Because it consumes loads of data, it usually happens when there is Wi-Fi. But with the benefit of Fibre to the Home, TurboNet and others, these updates happen daily in some cases, and they consume lots of data. Primary, they use Wi-Fi, where available, but if the settings on the consumer’s phone allow them to use mobile data, that is exactly what will happen. This is not controlled by the telco. Not at all.

Backups

Also related to that is the consumption of data by automatic backups. WhatsApp, for instance backs up all media (photos and videos) at a certain time of the night. All of that consume data. Sometimes, this writer notices about 2GB worth of backup on WhatsApp at deep night. That data consumption is not from a deliberate activity like browsing. Until the user issues specific standing order to stop the automatic updates and backups, the smart device would always perform those functions on the user’s behalf by default. So, it is important to check for all default commands that can consume data, and change them if that is what one prefers.

Messages

Again, unlike receiving SMS, which is free, receiving messages on WhatsApp, Telegram, Instagram, Facebook, Messenger and all the other social media platform, come at a cost to the user. So, once the user opens and reads a message on these social media platforms, they are charged for it even if they do not send a reply. So, even in their passive state, smart devices consume data.

Automatic downloads

Some smartphone users also turn on the automatic download of photos and videos feature on platforms like WhatsApp and others; so, the device automatically downloads any and every picture and video sent to the device via social media and that consume a lot of data even before one gets to see it. Sadly, a lot of those material are not necessarily useful to the customer but data is wasted on them because the user may have put the WhatsApp media download on automatic mode.

Quality of content

Speaking of download, the quality of the picture, video or audio one downloads or uploads would also determine the amount of data consumed. One may, for instance, stream a movie online for 100GB, but another movie may take 500MB, depending on the quality of the pictures. So, it becomes illogical to make the argument that once a particular movie that lasted for a specific period, took 100GB, all the other movies, which last that long, should take something similar or at least close. It simply does not work that way. Again, the size of any file or material or even website one opens and browses, also affects the amount of data consumed.

Telcos

Finally, it is not as if telcos sometimes do not make mistakes and take more data and even airtime from customers for no active or passive activity on the user’s phone. Those mistakes do occur sometimes, just as sometimes telcos mistakenly give some customers more data or airtime than they bought. It is a machine thing and can happen. In several cases, telcos had refunded lost data when they found out that the user lost the data for no activity. Sadly, however, sometimes the telcos would simply claim the data was used for browsing, but are unable to tell which sites the user may have browsed, and the online history on the user’s phone does not also reflect the so-called browsing the telcos claimed.

Multiple Website Windows

Speaking of browsing, sometimes phone users open several websites and or windows on their phone; meanwhile, they would be using just one window at a time. When this happens, all the other opened windows on the background continue to use data even though the phone owners may not be browsing those pages. It is important to close all windows not in use so that one can protect their data. That explains why even some telcos have segmented their data bundles, such that every opened window online is allotted some amount of data. When that happens, when a certain threshold is reached, the data is stored in expectation that the user would go back to that opened websites; so, the user is refused usage of the remaining data for other things, until he or she closes some of the redundant windows. All of those consume data via the user’s own doing.

Beyond the foregoing, there may be other factors that cause data to run out without prompts from the phone or device user. But what is important is that, except for one, all the other data thieves are not in the purview of the telcos.

Secondly, it is completely erroneous to link data consumption to a time period as data is not measured in time but rather in bytes. Lastly, always report your data loss to your telecom service provider if you have doubts about the consumption rate. And remember that on the average, data prices in Ghana are on the decline so the hashtag #DataMustFall campaign is late in the day.