PrepLiberty.
Updated · Today
Science & Technology July 03, 2026 5 min read Daily brief · #18 of 43

Govt orders Apple, Google to remove 7 Chinese apps

The Ministry of Electronics and Information Technology (MeitY) directed Apple and Google to remove seven Chinese apps — including BAT-BMS, Epoch-i-ion, and L...


What Happened

  • The Ministry of Electronics and Information Technology (MeitY) directed Apple and Google to remove seven Chinese apps — including BAT-BMS, Epoch-i-ion, and Lossigy — from their respective app stores.
  • These apps were Bluetooth-based Battery Management System (BMS) tools, primarily developed by Chinese firms such as Shenzhen Grenergy Technology, and used to manage lithium-ion batteries installed in electric vehicles including e-rickshaws.
  • The apps were found to be exploitable: because many batteries ship without password protection or retain default factory credentials, anyone within Bluetooth range (10–20 metres) could connect to the battery and remotely cut its power, instantly disabling a moving vehicle.
  • Viral videos showing e-rickshaws being switched off mid-road triggered official scrutiny, with concerns spanning road safety, driver livelihoods, and the broader security of Chinese-manufactured hardware embedded in India's EV ecosystem.
  • The action marks India's first government-directed ban targeting data security risks in connected vehicle components, with officials signalling further bans if similar vulnerabilities emerge.

Static Topic Bridges

Section 69A of the Information Technology Act, 2000

Section 69A of the Information Technology Act, 2000 (as amended by the IT Amendment Act, 2008) empowers the Central Government to issue directions to block public access to any online information — including websites, social media content, and mobile applications — when it is in the interest of the sovereignty and integrity of India, defence of India, security of the State, friendly relations with foreign States, or public order, or to prevent incitement to a cognisable offence.

  • Enacted through the IT (Amendment) Act, 2008; operative rules issued in 2009 as the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009
  • Blocking order must be approved by a Committee comprising representatives from the Ministries of Law & Justice, Home Affairs, Information & Broadcasting, and CERT-In; a designated officer (Joint Secretary rank or above) issues the final direction
  • Rule 16 of the 2009 Rules mandates that all blocking orders and related communications remain confidential — the government is not required to publicly disclose the reasons
  • Prominent uses: ban of 59 Chinese apps including TikTok after the June 2020 Galwan Valley clash; ban of 224 apps in subsequent tranches; various Twitter/X content withholding orders
  • The Shreya Singhal v. Union of India (2015) Supreme Court judgment struck down Section 66A of the IT Act as unconstitutional, but upheld Section 69A as constitutionally valid, noting its narrower grounds and procedural safeguards

Connection to this news: MeitY invoked its powers under Section 69A to direct the removal of these seven Chinese apps, citing national security and public order grounds arising from the ability of these apps to remotely disable vehicles on public roads.

Cybersecurity and the Threat of Embedded Foreign Hardware/Software

A critical and emerging area in internal security is the risk posed by foreign-origin software and hardware embedded in critical infrastructure — an area India has increasingly legislated around. Battery Management Systems (BMS) in EVs form part of the operational technology (OT) layer of the transport ecosystem, distinct from traditional IT, yet equally vulnerable to remote exploitation.

  • CERT-In (Indian Computer Emergency Response Team), established under Section 70B of the IT Act, 2000, is the nodal agency for cybersecurity incident response in India
  • India's National Cyber Security Policy, 2013 calls for building a secure and resilient cyberspace; a revised policy has been in development
  • The National Critical Information Infrastructure Protection Centre (NCIIPC), set up under Section 70A of the IT Act, protects critical information infrastructure
  • The IT Rules 2021 (Intermediary Guidelines and Digital Media Ethics Code) impose due diligence obligations on app store intermediaries (Google, Apple) to comply with government take-down orders within 36 hours for emergency requests and 72 hours otherwise
  • Bluetooth-based exploitation (as in the BAT-BMS case) is categorised as a proximity attack — distinct from internet-based intrusions, but increasingly relevant as IoT devices proliferate in transport, energy, and manufacturing sectors

Connection to this news: The BAT-BMS case illustrates the OT cybersecurity blind spot — the physical safety consequences of insecure connected devices went unnoticed until misuse became public, prompting the first government action targeting Chinese-origin vehicle-embedded software.

Digital Sovereignty and the Regulation of Foreign Apps in India

India has progressively asserted digital sovereignty — the right to regulate digital infrastructure, data flows, and application ecosystems within its territory — especially in the context of apps developed by firms from countries of strategic concern. Post-Galwan 2020, India banned Chinese apps in multiple tranches under Section 69A, establishing a precedent for using national security law to regulate app store availability.

  • First batch (June 2020): 59 apps banned including TikTok, UC Browser, WeChat — first large-scale use of Section 69A against foreign apps
  • Subsequent tranches covered over 300 additional Chinese apps across 2020–2022
  • The Personal Data Protection Bill (now the Digital Personal Data Protection Act, 2023) creates a framework for cross-border data transfers, with the government empowered to restrict transfers to certain countries
  • The IT Rules 2021 require significant social media intermediaries (>5 million users) to appoint a Chief Compliance Officer, Nodal Contact Person, and Grievance Officer resident in India

Connection to this news: The July 2026 ban of seven Chinese BMS apps extends this regulatory pattern from consumer-facing social media to industrial/IoT applications embedded in transportation, signalling a broadening scope of India's digital security enforcement.

Key Facts & Data

  • Statute invoked: Section 69A, Information Technology Act, 2000
  • Operative rules: IT (Procedure and Safeguards for Blocking) Rules, 2009
  • Implementing ministry: MeitY (Ministry of Electronics and Information Technology)
  • Apps removed: BAT-BMS, Epoch-i-ion, Lossigy, and four others (total 7)
  • Developer example: Shenzhen Grenergy Technology (China) — maker of BAT-BMS
  • Bluetooth exploitation range: approximately 10–20 metres
  • First landmark use of Section 69A against Chinese apps: June 2020 (59 apps including TikTok)
  • Shreya Singhal v. Union of India (2015): SC upheld Section 69A; struck down Section 66A
  • CERT-In established under: Section 70B, IT Act, 2000
  • NCIIPC established under: Section 70A, IT Act, 2000
  • Blocking order confidentiality mandated by: Rule 16, IT Blocking Rules 2009
  • Emergency blocking timeline under IT Rules 2021: 36 hours for intermediaries to comply
On this page
  1. What Happened
  2. Static Topic Bridges
  3. Section 69A of the Information Technology Act, 2000
  4. Cybersecurity and the Threat of Embedded Foreign Hardware/Software
  5. Digital Sovereignty and the Regulation of Foreign Apps in India
  6. Key Facts & Data
Display