When you are watching a video online, an ad related to a recent online purchase pops up. This recurs for weeks on end. How do you stop this? And what about the site at which you used your credit card to pay? How can you be sure that the site has not stored those details or that it is secure enough to prevent fraudulent access to your card details?

BharOS promises an alternative. Yet to see commercial release, the mobile operating system developed by JanK Operations, a Chennai-based start-up incubated by IIT-Madras, can be set up on off-the-shelf smartphones without needing to install any other apps that exchange information on your browsing or purchase history.

The firm’s director, Karthik Ayyar, says this is the first step to a secure mobile environment. “We develop the operating system. We then allow the user to decide which apps to install.”

Operating systems are software applications that allow computer software and hardware to interact and communicate. They control all complex processes and are the basis for any computing device in existence. The leading mobile OS are Android (48 per cent market share), Windows (29 per cent), and iOS (18 per cent). Now BharOS joins their ranks.

Choose your apps

Until India’s competition watchdog fined Google for its alleged anti-competitive practices, every Android phone in the market came with the company’s search tool as the default, and the entire suite of Google’s apps. “With BharOS, nothing is pre-installed, or ‘no default apps’ (NDA),” says Ayyar.

But wouldn’t that leave the user with the task of reviewing and selecting safe apps? He says ‘private applications store services’ (PASS) providers can help. “You don’t have to depend on the OS provider’s store of apps. Anyone can build a platform for apps and users can choose the PASS providers they are comfortable with. It could be your WhatsApp group that gets together and builds a platform. You could choose a PASS that your telecom provider builds. Or even one built by your own organisation. Indian Railways or the Government of India, too, can run PASS services.”

You may recall how the Joker Trojan malware insidiously entered apps in online stores. As many as 1.2 million users were reported to be affected by the malware, which started showing up advertisements, helping an unknown entity earn revenue at the cost of user privacy. A trusted PASS provider may help avert similar mishaps.

Ayyar likens BharOS to UPI (unified payments interface) as the underlying technology platform. “PASS service providers will be to BharOS what payment apps like Google Pay or PhonePe are to UPI.” BharOS is currently used by select entities, which give users restricted access to apps.

Marketing BharOS

The global market for OS was an estimated $45.04 billion in 2022, expected to rise to $48.27 billion in 2026. How would BharOS be marketed? “By appealing to the hearts of a billion Indians,” says Ayyar. The more people demand BharOS, the more the ODMs (original device manufacturers) would be compelled to use the operating system. He agreed it would be an uphill task against competition from Google, Microsoft and Apple.

What makes BharOS secure? “The bootloader is the first program that runs when you power up your device. The bootloader then checks if the kernel loaded in step two has been signed by an authenticated entity. This is done via cryptography,” he says.

In cryptography, a public key-private key pair helps maintain security. For example, when someone wants to send you a confidential file, they will use your public key, which is publicly available. Any document encrypted using your public key can only be decrypted with your private key, which only you hold.

In BharOS the kernel will, in turn, order other services such as the touchscreen, Wi-Fi, and display systems. Each of these must be cryptographically verified. If any malware has been introduced with any of these programs, the process will fail. Up to this point, the OS provides what is called a ‘chain of trust’ environment. That is, each system is signed off via a digital certificate that gives a stamp of approval. If the system has been tampered with, the digital validation process would fail. Beyond this point, the user has the liberty to choose PASS providers or even select apps that are deemed secure.

Ayyar concedes that other mobile OS in the market offer varying levels of security. “The analogy is: when a stranger from a foreign land wants to enter my house, the builder decides that is safe enough for me. But the same builder decides that my great-aunt who has raised me may not have security clearances to visit me three days in a year. Who decides on what is secure for you?”