NEW DELHI — India’s central government has directed that three smartphone applications, including the Chinese‑origin “BAT‑BMS” battery‑management app, be taken down from Google Play and Apple’s App Store after e‑rickshaw operators reported that their vehicles were being remotely disabled. The Ministry of Electronics and Information Technology (MeitY) issued an advisory on Monday urging app‑store operators to “enhance scrutiny” of applications that interface with vehicle battery systems, citing incidents in which the apps allegedly connected to unsecured Bluetooth‑enabled battery modules and cut power to the e‑rickshaws.
What happened
According to a report in the Times of India, MeitY’s advisory identified two apps – the BAT‑BMS app and another unnamed application – that were designed to monitor and manage lithium‑ion battery health for e‑rickshaws. Operators of e‑rickshaws in several Indian cities complained that when the apps were launched, the vehicles shut down unexpectedly. The ministry described the Bluetooth modules in many e‑rickshaw battery packs as “unsecured,” allowing the apps to send commands that could cut power. In response, the government instructed Google and Apple to remove the three identified apps from their stores and warned that any similar software lacking proper security controls could face the same action.
MeitY did not disclose the exact number of e‑rickshaws affected, nor did it provide a technical breakdown of how the shutdown command was transmitted. The advisory also called on manufacturers of e‑rickshaw battery systems to adopt stronger encryption and authentication for Bluetooth connections, emphasizing that security must be built into the hardware‑software interface rather than relying on post‑hoc app removal.
Why it matters
The directive underscores growing concerns about the cybersecurity of low‑cost electric vehicles that are increasingly common on Indian streets. E‑rickshaws, which are a primary source of livelihood for millions of drivers and a key component of last‑mile urban transport, rely on relatively simple battery‑management systems that often lack robust security features. If a malicious actor can remotely disable a vehicle, the economic impact on drivers can be severe, potentially rendering a day’s earnings null.
Beyond the immediate safety and financial implications for drivers, the incident raises broader questions about the integrity of the software supply chain for critical mobility infrastructure. The apps in question were developed by Chinese firms, and their removal comes amid heightened geopolitical scrutiny of Chinese technology in India. While the advisory does not explicitly link the shutdowns to state‑backed espionage or sabotage, the fact that the apps were foreign‑origin adds a layer of strategic concern for regulators tasked with safeguarding domestic technology ecosystems.
Background and context
India’s e‑rickshaw market has expanded rapidly over the past five years, driven by government incentives for electric mobility, rising fuel costs, and municipal policies that favor zero‑emission vehicles in congested urban areas. According to industry estimates, more than 300,000 e‑rickshaws now operate across major cities, with battery packs typically ranging from 1.5 kWh to 3 kWh. Most of these vehicles use lithium‑ion cells managed by Battery Management Systems (BMS) that communicate with drivers’ smartphones via Bluetooth for real‑time monitoring of charge levels, temperature, and health diagnostics.
The BMS ecosystem is fragmented. While some manufacturers provide proprietary, closed‑source apps, a sizable segment of the market relies on third‑party applications that claim to offer enhanced analytics or remote control features. These apps often bypass formal certification processes, and their codebases are not subject to the same security audits as native vehicle firmware. In the past, cybersecurity researchers have highlighted the vulnerability of Bluetooth Low Energy (BLE) protocols when paired with weak authentication, noting that unauthenticated commands can be injected by any device within range.
The Indian government has previously issued guidelines on the security of Internet of Things (IoT) devices, including recommendations for encrypted communication and secure boot processes. However, enforcement has been uneven, particularly for low‑cost mobility solutions that fall outside the traditional automotive regulatory framework. The recent removal of the BAT‑BMS app represents one of the first high‑profile actions targeting a specific software tool used in the e‑rickshaw sector.
Competing claims and uncertainty
The Times of India report presents the ministry’s view that the apps were “exploited” to remotely shut down e‑rickshaws via unsecured Bluetooth modules. The advisory does not name any individual or group responsible for the alleged exploitation, nor does it provide forensic evidence linking the apps to malicious code.
Industry observers have offered alternative explanations. Some technicians suggest that the shutdowns could be the result of firmware glitches or battery protection mechanisms that trigger a cut‑off when abnormal voltage or temperature readings are detected—events that might coincidentally occur when an app queries the BMS. Others point to the possibility of “false positives” where drivers attribute a routine power‑off to the presence of an app, especially in a market where drivers are often wary of foreign‑origin software.
The ministry’s statement that the Bluetooth modules are “unsecured” is itself a broad characterization. While many BMS units lack robust authentication, some manufacturers have begun implementing basic pairing codes or token‑based access. Without detailed technical disclosures, it is unclear whether the specific models implicated in the incidents were universally vulnerable or represented a subset of older battery packs.
Furthermore, the advisory calls for “enhanced scrutiny” by app‑store operators but does not specify the criteria that will be used to evaluate future applications. This leaves open the question of whether the removal was a targeted response to documented misuse or a pre‑emptive measure aimed at curbing a perceived security risk.
What to watch next
– Regulatory follow‑up: MeitY is expected to issue detailed guidelines on Bluetooth security for e‑rickshaw BMS units within the next few weeks. Stakeholders will be watching for any mandatory certification requirements or penalties for non‑compliance.
– Industry response: Leading e‑rickshaw manufacturers may announce firmware updates that incorporate encrypted BLE communication or token‑based authentication. Monitoring announcements from major battery suppliers such as Exide, Amara Raja, and Tata Power will indicate how quickly the sector adapts.
– App‑store policies: Google and Apple have pledged to “enhance scrutiny,” but the specific review processes remain undisclosed. Future removals or rejections of similar apps will reveal whether the policy shift is substantive or largely symbolic.
– Legal actions: If drivers can substantiate losses from remote shutdowns, there may be civil litigation against app developers or battery manufacturers. Courts could be asked to interpret liability for software‑induced vehicle failures.
– Cybersecurity research: Independent security firms may conduct penetration testing on popular BMS apps and publish findings. Such reports could either validate the ministry’s concerns or highlight additional vulnerabilities beyond the BAT‑BMS case.
Conclusion
The removal of three Chinese‑origin smartphone applications from major app stores marks a decisive, albeit preliminary, step by the Indian government to address cybersecurity gaps in the rapidly expanding e‑rickshaw sector. While the immediate action curtails the alleged misuse of the BAT‑BMS app, lasting protection will depend on systemic changes: secure design of Bluetooth interfaces, mandatory certification of BMS software, and transparent oversight of third‑party applications. The episode also illustrates the intersection of technology policy and geopolitical sensitivities, as regulators balance the need for open innovation with the imperative to shield critical mobility infrastructure from foreign‑origin vulnerabilities. As the Ministry of Electronics and Information Technology refines its guidelines and the industry rolls out security patches, the effectiveness of this intervention will be measured by the absence of further remote‑shutdown incidents and the resilience of India’s e‑rickshaw ecosystem.
Sources
Times of India, “Centre removes BAT‑BMS linked apps from app stores after e‑rickshaw remote shutdown reports,” https://timesofindia.indiatimes.com/business/india-business/centre-removes-bat-bms-linked-apps-from-app-stores-after-e-rickshaw-remote-shutdown-reports/articleshow/132155150.cms
Story synopsis gathered from: Times of India – Top Stories — source
Corrections
If you believe this article contains an error, contact Herald Express with the source URL and supporting evidence.

