BharOS, India’s answer to Android, may not be as ‘secure’ or competent as you think
A cosmetic clone
BharOS, however, appears to be nothing more than a simple ‘find and replace’ job where strings originally referring to ‘GrapheneOS’ have been collectively replaced with ‘BharOS’ instead, raising questions about the intent, integrity, and competency of the team involved with its development. Claiming technology developed by open source contributors as part of what was painted as an ‘Atmanirbhar’ effort is disingenuous. It invisibilises the labour and intellectual property of open source contributors.
The BharOS project might also be in violation of the open source software licence with which GrapheneOS is shipped. While the GrapheneOS licence does permit use, modification, and redistribution of the source code, it also requires that the licence be further included in any modified distribution of the source code. The same software licence was, however, conveniently omitted from the BharOS repository.
The claims surrounding the security and privacy features of such a project should also be taken with a grain of salt. This is primarily because of a fundamental security flaw that is introduced when existing open-source software projects are forked. Vulnerabilities uncovered in the upstream (parent) source tree for a project become harder to patch in the downstream (child project) source tree, due to divergences in the code of the two projects.
This essentially means that any security updates released for GrapheneOS might not result in simultaneous security updates being released for BharOS, if at all.
These concerns highlight the importance of transparency, ethical conduct, and respect for the contributions of others in the realm of open source technology development and innovation.
Technological mysticism
Professor V Kamakoti, director of IIT-M and a long-time proponent of BharOS, said at a that BharOS would “revolutionise the way users think about security and privacy on their mobile devices”. The Press Information Bureau, reporting from the same press conference, wrote that BharOS was already “being provided to organisations [with] stringent privacy and security requirements”.
Apart from his association with BharOS, Kamakoti is also a member of…
