India orders smartphone makers to preload state-owned cyber safety app
(reuters.com)886 points by jmsflknr 2 days ago
886 points by jmsflknr 2 days ago
> I'm shocked
India is currently run by a nationalist regime headed by the so called "butcher of Gujarat"[1], there isn't much that would shock me wrt to that lot's totalitarian tendencies.
[1] https://en.wikipedia.org/wiki/Public_image_of_Narendra_Modi
Mate, this isn't even remotely "nationalist". This stuff is being pushed across the world. Digital ID? The only people really desperate for it are our rulers.
How so? In Sweden we have digital ID and it's great! Super practical and I struggle to think of how it would be used to spy on citizens, given that it has the same legal protections as banks have regarding your account transactions etc.
Like sure you could in theory see every document I've ever signed if you have a warrant for BankID servers, but you could probably glean most of that if you had a warrant for the banks servers anyway, so it's not really a new capability.
The lack of digital ID is a huge problem in many domains and enables a lot of scams and crime in the first place.
Requiring identification in situations that don't need it is where the problems start, but that's possible with analog IDs as well, and is often even worse there (since these provide neither security against digital copies, nor privacy, which digital ID can, e.g. via zero knowledge proofs).
Pretty much all passports in the world have been digital for years, and it seems ... fine?
There's a signed blob on the RFID chip in your passport that could be easily copied to any phone, hardly any on-device implementation work to be done.
It's funny how it's all rolling out right around the same time. Almost like they get together and plot this stuff at big meetings multiple times a year, where they get lavish meals and entertainment, get wined and dined by the rich and elite, and... well. Must be good to be kings.
It's really 4 horsemen of the infocalypse garbage being trotted out, and the general population is clueless and credulous. "They're in charge, surely they must know what they're doing! They wouldn't lie to us! They most assuredly have our collective best interests in mind, and they'll do the right thing!"
Every time someone fearmongers "Digital ID" I always tap this sign
The issue is not about "Digital ID" it's about having a good ecosystem that is both open and secure. I don't want all my tax money being spent on a private company implementing a horrible software solution
https://en.wikipedia.org/wiki/British_Post_Office_scandal
I trust my government more than mega software firms who have no accountability or recourse
Yep, Modi, the Indian PM, is a good friend of the WEF, and of many global power players.
Please don't post inflammatory rhetoric like this here, no matter the topic or the side. The guidelines ask:
Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.
Form your source:
Modi has often used a messianic tone in his speeches such as saying that his leadership qualities came from God. His latest claim to divinity was during the 2024 Lok Sabha elections when he said that while his mother was alive, he believed that he was born biologically but after her death he got convinced that God had sent him.
Are you shocked by the EU similarly attacking the human rights of its own people?
Circumstances behind the event:
- A group of local muslims were found to set fire to a train of Hindu pilgrims/kar sevaks returning from Ayodhya (Holy city in Hinduism)
- There was a large scale riot (1000-2000 people) that broke out
- Modi was accused of slow deployment of forces and tacit approval.
- Modi was cleared of all charges after a multi year investigation.
Ethnic tension between Hindus and Muslims goes back a millennia at least.
He has been the PM For last 11 years. Your so called labelling doesn't stand scrutiny. India is prospering, with problems, but prospering for every religion sect and culture
You might not be surprised, but you should still be shocked. Being struck by a heavy weight will shock you even if you expected it. We are allowed to be shocked by things that we abhor even when we understand their causes and probability distribution. Not being shocked suggests you no longer despise it.
This was proven not true many years ago by the Supreme Court well before he was in power. Just rage bait.
It's not rage bait, lol, this was a very famous incident, led to him being banned from the US, and he went on an extremely inflammatory "yatra" around mostly Northern India (where Hindutva has sway) further inflaming tensions right after the incident, which is shown very well in the documentary "Final Solution" (which was also banned in India)
The investigation couldn’t anything against the autogratic guy who said the following about the incident.
- When asked if there is anything he regrets not doing during the riots to save lives? He answered: He could have managed the media better. The interviewer gave him a moment to say the right thing. He didn’t change his statement.
- When asked if he
yes because he felt they did everything they could to prevent islamists fanning the flames, next?
This allegation was dismissed by the Supreme Court completely after years of investigation.
The EU is not run by butchers of anything, but they push Chat Control nonetheless.
Politicians crave power and control, it is that simple, and the current tech can give it to them quite easily. Not even Stalin could put a secret cop into every living room, but secret coppery can now be efficiently automated.
A state intervention in the form of mandatory app installation that no user can deny is a danger, especially given that the current government has allegedly used cyber surveillance to plant "evidence" in the computers of dissidents like Stan Swamy who subsequently died in custody.
Please don't engage in nationalistic battle on HN. The guidelines ask us to be kind and to avoid flamebait and using HN for political battle. Please take a moment to read the guidelines and avoid this kind of thing when participating here https://news.ycombinator.com/newsguidelines.html
FYI two years ago, the Indian government shut down mobile service in the state of Punjab to catch one person:
I was there during this, literally text my wife when got notice and said “I do not know when I will be able to text next so keep an eye on your email”.
I don't buy their reasoning.
With all the mobile tracking tech, I would have thought that it would have been easier to catch the person if they had a working phone on them.
I assume that they weren't attempting to track him. They were trying to prevent the communication between the conspirators so that they can't coordinate his escape or organize an uprising to aid his escape. Suffice to say, the telecom networks and the internet service are fair game to them and they don't think twice about interfering with it for any reason.
> improved education and targeted campaigns against common security pitfalls
Good one. Do you see how dumb the average consumer is? They don't know or care even if you try to educate them.
Maybe but there’s a fair amount of corruption going on in India. For example, they got caught spraying water near air quality monitors (at them?) to make the data seem better than it is instead of actually tackling the problem.
That's sadly how the culture is in India. I wish it improved to be more like Japan or China but I'm not sure how one can solve this sort of issue.
Considering that AI companies are strategically/financially in the same position as other market cornering companies like uber, imagine how much dumber things can get.
I shouldn't have to accept government surveillance just because 15% of the population is functionally illiterate. We should have support structures for those people as a society, but "dumb people exist" is a fucking horrible argument for why I should have my freedom restricted
You don't have to.
This is the most secure option:
This is more flexible and will give you root, at the cost of an unlocked bootloader:
You shouldn't, I agree with you, but what's the solution that works for everyone, not just the tech literate?
Well, we are talking about a government that declared 95% currency in circulation as invalid to nullify “black money” and rationed out currency for months. Currently they are doing an electoral list validation by asking everyone to submit a form so they can keep their voting rights. The policies are made with a strong “ruler” attitude.
The SIR has been carried out historically many times in India. In the recent years a lot of Bangladeshi illegal immigrants (who ironically hate India) have registered as voters. A lot of political parties have changed policies to cater to these illegals. So this was due for a long time.
> solved by improved education
https://en.wikipedia.org/wiki/2025_Delhi_car_explosion
Planned and executed by highly educated, qualified, doctors.
I think the commenter meant educating people on how to not fall for scams.
I completely agree with the sentiment. I think from their perspective, it's just a case of what CAN be done vs what is morally acceptable.
If knives were technologically sophisticated enough that they could be programmed to refuse to pierce particular materials, you know that the government would be forcing manufacturers to include human flesh in that list, and making liable anyone who sells one without that restriction.
This is the first time we've had a device that we rely on for almost all our daily activities, produced by a small handful of businesses that are easy for states to pressure.
> If knives were technologically sophisticated enough that they could be programmed to refuse to pierce particular materials, you know that the government would be forcing manufacturers to include human flesh in that list
I have serious doubts that their intentions are nearly as harmless or sincere as you project it. The government through DoT has repeatedly shown their willingness to control, invade, impose arbitrary measures and harm the digital lives of the citizens with impunity. Remember how Aadhar was touted as a welfare support programme. They even promised in the supreme court that it wouldn't be made mandatory. But they just haughtily refused to honor that promise and linked it to every imaginable service. You can't live without it these days. On top of that, they were so careless with it that the entire biometric database of more than a billion individuals was leaked and published on the darkweb for sale. And despite several news media showing the evidence for it, the government just brazenly denied the leak.
With such a dubious track record, let me say that I'm skeptical about their claims on 'cybersecurity' on the phones. It may start like that. But with their attitude it won't take much time for it to progress from a cybersecurity app to a cybersecurity nightmare. We already know what they did with the Pegasus malware that they bought with the taxpayers' money - another accusation they just denied blatantly, ignoring the evidence provided by the others. No avenue for abuse will be left unused. The real issue is that an omnipresent app that cannot be uninstalled is the most valuable target and the perfect vector for malware delivery. And this government has destroyed any reputation they may have had in the digital space, with their overtly hostile attitude towards the citizens who voted them in. This app is going to be a nightmare for the citizens in the not-too-distant future.
I see how you could've got that from my comment, but I wasn't trying to imply pure intentions.
Governments have to juggle a lot of different factors in order to maintain order and stay in office. It's natural that they would resort to less than scrupulous methods to attain this.
To go back to the knife example, once they have established preventing the piercing of human flesh as a mandate, it would be easy to extend this to preventing any kind of action using a knife that is inconvenient to them.
I'm struggling to come up with a reasonable sounding example though given the analogy. Perhaps... it gets extended to animals under the guise of protecting animal rights, but also prevents people from butchering their own hunt and animals killed must be submitted to a central processor who takes a large cut and have financial ties to particular politicians. I guess it's a stretch.
My point is just that the natural economics of the situation will cause governments to use all means at their disposal to achieve their end goals, whatever they may be. And so having these devices with their capabilities and our reliance on them is a huge hole in the defenses of freedom advocates just begging to be exploited.
If hypothetically they did have pure intentions, would that make it okay?
I know very little about the politics of India, so I have no idea whether what you said is an objective assessment or if it's just the political talking points of one particular side, but at least in the US I find it very disappointing how the mainstream political opposition to creeping authoritarianism is often "Wow this is terrible, those guys totally shouldn't have that much power." with the unstated implication being "Give it to me instead. I'm a good guy; you can trust me."
I much prefer to emphasize principles which hold regardless of which tribe happens to be in power at the moment. In this case the overriding principle being that device owners should have ultimate control over the software running on their phone - not companies, and certainly not governments. Forcing people to run a particular piece of software on their phones is simply not a power the government should have, regardless of how good their intentions.
> If hypothetically they did have pure intentions, would that make it okay?
No. What if they decide to double cross later? Or, what about the next guy in power? Don't leave any loose ends. Technically, it's the zero-trust principle. Don't rely on any security measure that depends on the other party keeping their word. Always assume that they're hostile. (Though I've been in trouble for using this when designing procedures. People come with the 'don't you trust us?' question.)
> Forcing people to run a particular piece of software on their phones is simply not a power the government should have, regardless of how good their intentions.
Agreed completely. My answer would be the same even if a different party/alliance was in power (Mine is based on infosec principles. Partisan politics won't change that). I explained the politics only to show that this isn't a hypothetical scenario. The supporters will otherwise use excuses similar to what was thrown around in the US (eg: You need to worry only if you're an illegal alien). Indians have been making this mistake repeatedly. Those in power know how to play with their nationalistic sentiments to override such concerns.
the fact that this is being done privately shows they know it's dirty and immoral.
The problem iscontrolling people at intimate thought level. Sure education is part of it. But state controlled device tracking everything they say, where they go and who they are exchanging with is also a tool to leverage on in that perspective.
IMO the goal is a bit different. It'd be just way too much data to track people successfully, even with on-device filtering, especially because everyone with ill intentions would just use non-backdoored devices for their malicious activities.
A much more achievable goal is digging up dirt on specific people and opponents. In the end governments can struggle to justify how they got their hands on info about an affair you had or that you shocked dogs ~~on stream~~.
Such device backdoors are just a get-out-court-free card and a way for the media to justify not asking any serious questions.
It's especially annoying that democracies do that.
Give it a few years and suddenly China is no longer worse than democracies.
Modi and his clique are authoritarian though. It's interesting that so many indian vote for that clique. They seem to not understand the problem domain; similar to Hungary, too. (Don't even get me going on Trump's clique of superrich running the show. I recently watched CNN in the last days and I fail to see how CNN is any better than Foxnews - they manipulate people via what they broadcast. For instance, yesterday some random US general basically convincing people that nobody in the military would do double-tap, not even Hegseth, when the exact opposite has actually happened. Or some female today in a show trying to explain that the first attack on a fisher boat was "legal" anyway. People don't even realise how much they are manipulated by these private media entities. These are basically owned by superrich influencing people one way or the other.)
> It's interesting that so many indian vote for that clique.
This is what happens when the only lens through which people see politics is religion or race. It shows you how important scientific temper, fact checking skills, scientific knowledge, awareness of unrevised history, knowledge of civic duties, current affairs, critical thinking, etc are very important. And don't think that I'm talking about just India.
I am unconvinced from a practical standpoint that this vision of the world that you wish to live in is even possible today due to the increase in sectarian communal tensions, dense cities, widely available cars/guns/etc and stresses from cost of living and income inequality, as well as the spread of ideas that mass casualty attacks might be a thing to do (the US did not have school attacks until it became an unfortunate "thing" in the culture that sick people glommed onto).
An absence of surveillance causes increased frequency of terrorist attacks which causes people to demand solutions (necessarily involving surveillance and other authoritarian measures) which leads to increased surveillance. It's an unfortunate negative feedback loop.
If you lack solutions for too long, the negative feedback loop becomes severe and instead of just surveillance within a liberal democratic context, you get public safety authoritarians like Bukele or Duterte.
"Surveillance doesn't materially reduce terrorist attacks" - I am not sure about that based on the number of arrests of plotters and the lack of visibility I have into the tools and methods they used to find those plotters.
"Terrorist attacks still happen even with surveillance" - Yes, but if they happen less frequently, this reduces the demand from the public to ratchet up authoritarianism. See the problem?
"Terrorist attacks are a price worth paying for our freedom." - I mostly agree, but feeling like this doesn't make any difference to the negative feedback loop, does it? Regular people want public safety from physical danger almost as much as food and water.
In most countries, death by terrorist is at least an order of magnitude less likely than death by bee. Strangely, we do not seem to be on a campaign to lock all humans in-doors to protect them from bees, nor have we declared a global war on beeism. These stats hold from before the modern surveillance regime, and so can hardly be credited to it. It's not actually a problem in particular need of urgent solving. Regular people are safe from terrorism, much safer than they are against most kinds of tragic accidents. What regular people are actually in danger of is losing all of their human rights to fearmongerers, who constantly invoke terrorism to erode them further and further.
Bukele and Duterte did not rise out of an environment of terrorism, so I don't know why you thought it relevant to bring them up. I think it is really sad to see comments on HN of all places advocating that if we don't implement chat control we'll spiral into a lawless hellscape.
And long before that too, it's just taken different soundbites that play on people's fears at the time.
> is better solved by improved education
From the article, this has nothing to do with education. It's:
> The app is mainly designed to help users block and track lost or stolen smartphones across all telecom networks, using a central registry. It also lets them identify, and disconnect, fraudulent mobile connections.
If your phone gets stolen, you can disable it.
I'm not saying that a government app is necessarily the right or best way to go about this, but to suggest that this can be solved with education misses the point entirely. No amount of education is going to prevent someone on a bike swiping my phone from my hand and cycling off with it.
And as long as the app isn't otherwise spying on you (and there's no mention of that), I don't see much of what this has to do with freedom either. The freedom to steal someone's phone and use it without being blocked? There are already a bunch of apps on my phone I can't uninstall, so that's not new.
Apps operate in sandboxes. We would need actual information to show that the app was being given special secret permissions, and Apple and Google would likely refuse or at least make public what was being asked of them, in order to maintain their own reputations in being honest about what they track and what they don't.
There's no value in assuming everything is conspiratorial. You'll go crazy.
> improved education and targeted campaigns against common security pitfalls
Which doesn't work. At all. A familiarity with the last 40 years of computing makes that clear.
The only things that have worked: ios/android walled gardens so users can't install spyware. yubikeys which can't be phished. etc.
> problem that is better solved by improved education and targeted campaigns against common security pitfalls
Will take decades if not more than a century to implement in India. Let alone old people, even the boomer generation is immensely tech illiterate.
Assuming it would do the stated job in addition to being a state way to your phone - it is a better solution, you ain't gonna educate you grandma easily, but if she can buy phone that protects her without having to look for it...
...of course, it won't work and even if they honestly tried it will be outpaced by scam industry. Or at worst case be state exploit that then will be exploited by other state (or just malicious actors) coz of lack of security in "security" software
>I'm shocked by people and state using the crutch of cyber crime or scams to push a totalitarian solution to a problem
You shouldn't be.
You don't have to dig deep or search widely to see Americans complaining, loudly and often, about the US government using the 9/11 to create massive new state security initiatives, most of which were inimical to both privacy and liberty. And that was nearly a quarter century ago.
I'm not shocked at all. It's the nature of things for people - on average - to not want to learn. How many of your peers have shouted 'no more school' or something similar during their graduation?
How many people do you know who seem to be completely immune to learning? Go to any non-tech office an you will find shared passwords on post-it-notes, after 40 years of mantra-style 'Do not share your passwords' messaging.
If something goes wrong, it's not their fault, it's the machine's fault. "Why was this possible in the first place?" they ask. "Build it so this becomes impossible." That mindset let to OSHA regulations, to ever-safer aircraft, and to encryption on the web. It's not necessary a bad thing, it just throws out our - tech folks' - baby with the bathwater. How often has the increasingly regulated tech environment made you stop an easy implementation of a completely legitimate use case?
And yes, authoritarians thrive in this climate. Fear and promises of safety are the easiest paths to political power - and once in power, the demand for safety never ends. Politicians who genuinely prioritize individual freedom rarely get rewarded for it at the ballot box; the ones who win are simply better at wearing the right colours while expanding control.
This has been a tendency for a long time. Nothing to be shocked about.
https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...
> I abhor any decision that robs even a grain of my individual freedom.
This is extreme and just as bad as any other extreme.
We have to find a way to maximise freedom across society. Being fixated on personal freedom won't turn out well. Whose personal freedom are we talking about? Should your neighbour be free to move the fence into your land? Didn't think so.
I will, however, give the benefit of the doubt and assume you mean giving up freedom without gaining anything. I don't see how this isn't a net loss for society.
I'm just saying the "freedom" bit can be twisted any such way you like. It's a dumb ideal. There are more convincing reasons to fear a government.
> I abhor any decision that robs even a grain of my individual freedom.
Silly goose.
"Freedom" is always balanced against "Responsibility" (both Individual and Group); it can never be absolute. The latter needs State support.
That is the reason my "freedom" to rob you is curtailed by the "State's (i.e. Group's) responsibility" enacting laws to prevent it.
You also exercise "your (i.e. Individual) responsibility" when you put a lock on your valuables to prevent my robbing you.
From Google;
"Silly goose" is a lighthearted, informal expression used to describe someone who is acting foolish, silly, or has made a silly mistake. It is a playful term that is not meant to be offensive and is often used affectionately. The phrase can also refer to a "silly person" or "simpleton" in an informal context.
As a non-Indian, the amount of scams and other external negative impacts coming from the country are extremely disproportionate, so if this evens things out a bit, I'm for it.
I'm shocked by people and state using the crutch of cyber crime or scams to push a totalitarian solution to a problem that is better solved by improved education and targeted campaigns against common security pitfalls.
I abhor any decision that robs even a grain of my individual freedom.