India orders smartphone makers to preload state-owned cyber safety app
(reuters.com)885 points by jmsflknr 2 days ago
885 points by jmsflknr 2 days ago
It's all happening really quickly, so I haven't been able to keep up. I know Starmer said that digital ID will be mandatory to work in the UK. Did he mention how that would be implemented? Is the UK going to issue and official device to everyone in country, or are the people supposed to pay for it? What about homeless, poor, and the provisional residents?
> Is the UK going to issue and official device to everyone in country, or are the people supposed to pay for it? What about homeless, poor, and the provisional residents?
What about provisional residents? The digital ID proves identity. It is not a work authorization. Provisional residents can have a digital ID whether they work or not.
As a foreign national living in the UK on a long-term visa I can only say that the decision to discontinue physical BRP (residence permit) cards in favour of eVisas is singularly idiotic and harmful. One piece of evidence being that there are still things you can only do using expired BRPs, which will be in a some kind of zombie mode until mid 2026. After that, eternal misery.
But this is basically nothing compared to what they are doing with their justice system, which mostly affects British citizens, so who am I to complain.
Digital ID isn't really an issue. Most people already have several government digital IDs (government gateway, unique taxpayer number, etc.)
They should have branded it "simplified ID" or something like that.
I'll probably get instinctive downvotes but I think it's important not to mix up the actually-fine stuff with stuff like chat control, otherwise the message becomes trivial to dismiss.
There’s a famous article by Terence Eden about the kind of devices that people are forced to use to interact with the UK Government, written with his experiences working for the government.
The devices include: A Playstation Portable. The latest stats include thousands of visits from XBox and Playstation consoles.
All modern smartphone requirements boil down to Play Integrity and iOS AppStore attestations.
https://shkspr.mobi/blog/2021/01/the-unreasonable-effectiven...
Even if that were the case, by what mechanism are they commandeering it? That's essentially what I was thinking about in this India case.
Undoubtedly most people will comply, but there will be a few who don't, so I'm curious what the plan is to bring them in line.
Are you talking about downloading reddit, which is infested with the weirdest pornography that exists ?
While I am very much against facial scanning etc, it is quite clear that something needs to be done about the access of porn to kids. It is a drug like any other that we do not allow kids to consume.
I dont know why porn companies arent just sued into oblivion. There are already laws against distributing porn to minors in most places and porn companies do it routinely without any controls.
So what is your plan on dealing with wikipedia? I accessed porn in 2011 when I was 11. I played Postal 2 when I was 10. But no English skills at that age means not much came out of that game at that time except cat silencers.
How many kids these days play 18+ rated games?
> So what is your plan on dealing with wikipedia?
Im not sure I understand. Are you saying wikipedia has porn?
Do a few nude photographs on wikipedia hold the same addiction potential as an infinite stream of short form HD videos - specifically optimized for attention capture - on platforms like reddit ?
I am not even sure whether I should take you seriously.
> Luckily, in the UK you only have to scan your face and ID to access cat photos.
Please wait for us, the relentless chat control legislation will make us (the EU) overtake you and mandatory age verification is pretty much a certainty at this point.
> With more than 5 million downloads since its launch, the app has helped block more than 3.7 million stolen or lost mobile phones, while more than 30 million fraudulent connections have also been terminated.
I might be reading this wrong but these numbers seem very weird. Did more than half the people who downloaded the app block a stolen phone? And did each person who downloaded the app terminate 6 fraudulent connections?
It's not rare to have multiple phone numbers registered to a person's name fraudulently in India. Therefore, in this aspect the app will list out all the connections under the user's Aadhar (Indian Digital ID).
Indian government is big on pronouncements.
It will be a garbage app that most likely will not work, considering the historical incompetence of the Indian government's expertise in all things tech.
I am pretty certain Apple and Samsung will pay off someone in the government.
> Given the payoff and endless iterations resources will be thrown at it and it would eventually get better.
Allow the user to download and install it if it turns out to be great. Do not shove things down people's throat against their wishes, like an authoritarian govt. Otherwise you start to resemble Stalin's Soviet Union.
Isn't one of the largest payment processors in the world made by the Indian Government?
Personally I wouldn't risk my personal digital privacy on the incompetence of the government. I'd assume the opposite.
No. UPI. It's an initiative by the Indian government.
It's controlled by the RBI, just through a complex public-private corporate structure through NPCI.
UPI is much larger and more international than PIX. It's currently processing iirc something like 200 billion transactions. UPI is also used in several countries, France being among the most recent examples.
As such UPI has a broader scope than PIX and requires a public-private corporate structure with stakeholders from both sides.
But this is off topic. The competence of the Indian government to at the very minimum partner with Industry shows that such software preloaded on phones is a threat to the civil liberties of people that the State shouldn't encroach on. This is a violation of individual privacy.
RBI pushed an entire new second level TLD to India’s entire banking system with a 6 month deadline. It was a botched rollout but now every bank in India is using .bank.in, despite two of India’s largest bank owning their own TLDs (.hdfc, and .sbi).
It was a very insecure rollout with zero customer awareness, but it happened and almost every large bank moved. Sometimes silly pronouncements do result in silly change.
I have this app installed on my phone, and it helped eliminate "digital arrest" scam calls from 5-6 calls per day to maybe one in 2 months.
It makes filing an online complaint against the incoming call almost frictionless.
Having said that, I don't believe it should be shoved down our throats.
All that couldn be as simple as educating people that there is no such thing as "digital arrest".
You are just telling the whole world about the average IQ of an Indian and how they believe in foolish things like "digital arrest".
And an app doesn't solve that. Digital literacy is a need for today, but the entire country is getting the latest smartphone, with dirt cheap data and zero knowledge of how to operate and own that technology.
> I have this app installed on my phone, and it helped eliminate "digital arrest" scam calls from 5-6 calls per day to maybe one in 2 months.
Yeah, no. Correlation is not causation. Having the app installed doesn't eliminate calls. The app doesn't have the ability to block calls.
Operators like Airtel stepped up and started flagging spam/scam and now warn their users when they recieve a call from flagged numbers.
How do you think operators built a database of spammers?
I've been reporting spammers since 2005, since DND rules came into place.
Only in the last year have I seen the spam slow down. Earlier operators would dismiss the complaint saying to it was a "transactional communication," now it's logged with TRAI and the operator and they have less room to manipulate the complaint.
IRCTC is a private company. UPI isn't government either. Which e-filling portal is working nicely for you? My ITR was stuck for more than a year because some lame ass dev couldn't show proper error message other than suggesting that something needed to be done by my bank (which wasn't the case and only a year later did I decide to dig into th3 dev tools).
To praise Indian government is the most unlikely thing one should be doing for their mediocrity at developing things.
Same is the case with Aadhar, Digiyatra, etc. My government is hella incompetent at safeguarding data and privacy (unless it's their own data). And this app is 100% going to be a huge security hole on every device.
For me, ADB to the resuce.
> It will be a garbage app that most likely will not work, considering the historical incompetence of the Indian government's expertise in all things tech.
Wait until "they" outsource it (on the pretext of national security interests) to countries that have deep talent in cybersecurity (like the US/Israel/Russia/China).
Ex: https://www.fdd.org/analysis/2025/06/11/india-orders-new-fig...
I wish the article talked more about this app India wanted to pre-install. Forcing the pre-install of apps is worrisome in general, but there's some nuance that is missed by not explaining what is being forced on the citizens. "Cybersecurity app" can mean a lot. From the looks it's a government-sponsored "brick my phone"-kind of app for disabling stolen phones?
I wouldn’t venture in the direction that many here will take.
I will point out that India have the highest number of victims of cyber-fraud. I personally know many people who have lost significant sums through social engineering attacks. The money is transferred to multiple mule accounts and physical cash is siphoned off to the fraudsters by the owners of those account. They choose helpless, illiterate, village dwelling account holders for this.
Another huge issue is unregulated loan apps. There are horror stories of people installing apps in order to take high-interest loans and then those apps stealing their private photos and contacts or accessing camera to take photos in private moments, and then sending those photos to contacts via WhatsApp when interest payment is overdue.
Then there are obvious security issues with terrorism and organized crime.
The government wants data. It's clear why. There is huge potential for misuse.
> I will point out that India have the highest number of victims of cyber-fraud
Combined with worst enforcement and investigation efforts to tackle this issue. The default resolution on a cyber crime report is : Fraudster's account is blocked and they are given a choice to plead forgiveness from the accuser. They often return the money in lieu of the complaint being rescinded. Then fraudster is free to con others. Fraudsters know this is a numbers game that is why they hit every morsel they can get a bite.
Worse yet people use the cyber crime provision to take revenge. People can file frivolous cases without proof and ge others account locked. Banks will treat you with disdain and police will tell you to settle privately too.
What about investigations you ask? Very few cases reach that level. Local police file the FIR and they don't even know what is "cyber" in cyber crime. Fraudsters can continue playing the numbers game.
So, yes it is easy to talk about victims when the policies are lacking. And then this high number of victims can be used as a crutch to push insecure apps on everyone's phones. The worst part of it? They will get data and still remain clueless and inept in solving the high number of cyber crimes.
And you trust the government to only use it for good purposes? and not to track people who may be protesting or belong to opposing political/religious/cultural views? We know based on historical pegasus complaints that this trust has to be earned and can't be given.
There are lots of ways to solve for this, mandating that these companies own the identification process through their systems, report misuse, govern apps. Why taken on the ownership of a process that is better handled outside of government while the government holds them to account via huge fines and timelines but giving these large companies ownership of protection from scams or stolen phones etc...? win win and I think these large companies are due spending extra money to protect their users anyway.
I don't trust anyone blindly. The point of my comment was not to support the decision, but to show where it might be coming from.
What's inherent in the comment is- there are simply too many people to educate, "made aware", etc. So, this might be a knee-jerk reaction to fight cyber fraud. Not Big Brother sensorship.
I can say these because I know too much about the ground reality. An example from top of my head- SBI e-Rupee app doesn't launch in your phone if you have Discord installed. Yeah. Just because some scammers communicated through Discord.
Of course, I cannot guarantee that something sinister is not being planned or that this app won't be utilized for something bad.
There is also a small chance of some bureaucrat in management position taking this decision, so he can write in his report- "Made Sanchar Saathi app download soar up to X millions in 3 months through diligent effort..." just like highly placed PMs/SVPs in large tech companies eyeing a promotion.
Automatic mistrust of the government is a pretty juvenile take. Yes there are tons of ways, and having OEMs preload an app is the easiest one in a country of 1.1B mobile connections.
Gonna agree with you, even Singapore has announced several policy changes the past few weeks to deal with all the fraud - more severe punishment and forcing apple to change how iMessage spam with .gov.sg domains is handled.
I don't think this new app will resolve India's fraud issues unfortunately, there probably needs to be more policy changes at banks/fincos. As much as India obsesses with KYC processes, it doesn't seem to be working/enough. I don't see this new app being required as something totalitarian, it would be much easier for the gov to ask for that type of stuff to be tacked on to UPI apps anyways.
Yeah this is the wrong audience for this argument, but it has merit. An app like this can be both a massive government power grab and useful to protect many, many people who are vulnerable to fraud.
The number of my relatives that will just believe whatever someone tells them on the phone is terrifying.
> I will point out that India have the highest number of victims of cyber-fraud
Based on what?
> Another huge issue is unregulated loan apps
You don't need to root everyone's phones to regulate financial crime.
> Then there are obvious security issues with terrorism and organized crime
India is building a centralised backdoor into every phone in the country. That's a massive national security risk.
> Based on what?
Yahoo Finance report that's 3 years old, puts India at #4: https://finance.yahoo.com/news/15-countries-most-cyber-crime...
But 2024 data from PIB puts the number of occurrence much higher at 2.27 million: https://www.pib.gov.in/PressNoteDetails.aspx?NoteId=155384&M...
> You don't need to root everyone's phones to regulate financial crime.
Yes, I agree. Read this comment: https://news.ycombinator.com/item?id=46113070
> India is building a centralised backdoor into every phone in the country. That's a massive national security risk.
Are these what backdoors are? It's an app. It can be uninstalled, right? Are there physical backdoors like American agency NSA tried to install? Or like the Chinese phones that many suspect?
- https://www.spiegel.de/international/world/privacy-scandal-n...
- https://www.cnet.com/tech/mobile/xiaomis-phones-had-a-securi...
The way for the community to fight this is to keep finding holes in the app until they stop trying to put one on.
> way for the community to fight this is to keep finding holes in the app until they stop trying to put one on
I'm not familiar with Indian activist tradition. But if we look at other countries where this happened, the technical attacks didn't work. It had to be done through policy, instead.
I wonder if this will cause a reduction in remote jobs for citizens. Compliance with US laws like HIPAA and FERPA have strict requirements regarding access. Many employees use 2FA on their personal devices, which if passed this law would interfere with.
Or, maybe it'll finally convince people that SMS is the worst of all worlds when it comes to security (and phone numbers for identity). Doubt it tho
Government of India issued a follow up gazette notification withdrawing mandatory pre-installation of Sanchar Saathi app on smartphones: https://news.ycombinator.com/item?id=46132822
The more I see stuff like this, the more I think "you know, I don't think the world is collapsing, I think the old world is collapsing." Governments in their current form are increasingly becoming irrelevant (h/t to "The Fourth Turning") and actions like this prove it.
How is this demonstrating governments are irrelevant? It seems like it is demonstrating their continued power.
Steelmanning the argument, perhaps you see this as a demonstration that corporate power has gotten so large the government is being forced to react. I might believe that, but I can’t get from there to irrelevance.
This seems to be the app: https://www.sancharsaathi.gov.in/
Looks like it's quire popular/established already, with over 10 million downloads. Basically a "portal" for basic digital safety/hygiene related services.
Quoting Perplexity regarding what facilities the app offers:
1. Chakshu: Report suspicious calls, SMS, or WhatsApp for scams like impersonation, fake investments, or KYC frauds.
2. Block Lost/Stolen Phones: Trace and block devices across all telecom networks using IMEI; track if reactivated.
3. Check Connections in Your Name: View and disconnect unauthorized numbers linked to your ID.
4. Verify Device Genuineness: Confirm if a phone (new or used) is authentic before purchase.
How does an app inspect other app's storage data (like whatsapp). I thought Android security model blocked that. Does it have root access?
It doesn’t matter what the app does today it can be made to do anything they want after the fact. Monitor speech, location, contacts, content, preserve evidence for prosecution, inspection your dinner choices or your sexual habits.
This is on the far end of the spectrum of bad.
> It doesn’t matter what the app does today it can be made to do anything they want after the fact.
This is an extremely important point of universal application that can't be emphasized too much.
Even if one agrees with a current politician's position, once the precedent is set, there's nothing stopping an administration down the line extending the reach of an already installed and by then socially accepted mechanism.
Someone called this the "totalitarian tip toe"; that guy (who shall rename unnamed) was "a bit weird", but his concept stands anyway imo.
When the app is mandated installed then user permissions are also moot. It will have full access an app can have.
It's always the same - governments suddenly wanting to spy on people.
We need a world where this can be guaranteed to not happen. We need 3D printing everywhere, without restrictions or payload attached.
How is it different from preloading apps like Netflix, GMail and other shady apps for profits that collects a lot of data.
Considering India's low literacy, having a state owned cyber safety app shouldn't be much of an issue. It's not like a backdoor, but safety of citizens, which is the prime mandate of a sovereign state.
The difference is restricting removal of the app. It takes away the user's choice. As far as I know all preloaded apps, at least on Android, can be disabled if not uninstalled.
> The November 28 order, seen by Reuters, gives major smartphone companies 90 days to ensure that the government's Sanchar Saathi app is pre-installed on new mobile phones, with a provision that users cannot disable it.
> It's not like a backdoor, but safety of citizens, which is the prime mandate of a sovereign state.
This sounds great in theory. But in practice this sort of thing is rife for abuse. Say, I have complete control over what this app installed on your phone does in the background. And you were my political opponent. Would you trust me to not use this backdoor into your phone to my advantage?
Apps like Netflix, GMail are not forced on users by a govt. It is an open marketplace. Users have options. They are free to buy phones that do not have those apps pre-installed.
How do you know it isn't a backdoor? Do you have access to its source code?
This kind of app should be be open source.
I found a directive[1]:
> Pre-installed App must be Visible, Functional, and Enabled for users at first setup. Manufacturers must ensure the App is easily accessible during device setup, with no disabling or restriction of its features
While I can get behind the stated goals, the lack of any technical details is frustrating. The spartan privacy policy page[2] lists the following required permissions:
> For Android: Following permission are taken in android device along with purpose:
> - Make & Manage phone calls: To detect mobile numbers in your phone.
> - Send SMS: To complete registration by sending the SMS to DoT on 14422.
> - Call/SMS Logs: To report any Call/SMS in facilities offered by Sanchar Saathi App.
> - Photos & files: To upload the image of Call/SMS while reporting Call/SMS or report lost/stolen mobile handset.
> - Camera: While scanning the barcode of IMEI to check its genuineness.
Only the last two are mentioned as required on iOS. From a newspaper article on the topic[3]:
> Apple, for instance, resisted TRAI’s draft regulations to install a spam-reporting app, after the firm balked at the TRAI app’s permissions requirements, which included access to SMS messages and call logs.
Thinking aloud, might cryptographic schemes exist (zero knowledge proofs) which allow the OS to securely reveal limited and circumscribed attributes to the Govt without the "all or nothing", blanket permissions? To detect that an incoming call is likely from a spam number, a variant of HIBP's k-Anonymity[4] should seemingly suffice. I'm not a cryptographer but hope algorithms exist, or could be created, to cover other legitimate fraud prevent use cases.
It is a common refrain, and a concern I share, that any centralized store of PII data is inherently an attractive target; innumerable breaches should've taught everyone that. After said data loss, (a) there's no cryptographically guaranteed way for victims to know it happened, to avoid taking on the risk of searching through the dark web; (b) they can't know whether some AI has been trained to impersonate them that much better; (c) there's no way to know which database was culpable; and (d) for this reason, there's no practical recourse.
I recently explained my qualms with face id databases[5], for which similar arguments apply.
[1] https://www.pib.gov.in/PressReleasePage.aspx?PRID=2197140&re...
[2] https://sancharsaathi.gov.in/Home/app-privacy-policy.jsp
[3] https://www.thehindu.com/sci-tech/technology/pre-install-san...
[4] https://www.troyhunt.com/understanding-have-i-been-pwneds-us...
Do we have a breakdown of what this app actually does?
- Report fraud/scam calls and SMS directly from your phone.
- Block or track lost/stolen phones by disabling their IMEI so they can’t be misused.
- View all mobile numbers registered under your ID and report any unauthorized SIM cards.
- Verify if a phone is genuine with an IMEI/device authenticity check.
- Report telecom misuse, such as spoofed calls or suspicious international numbers.
The stated goal is protect users from digital fraud and safer telecom usage, who knows how good it’ll be. Probably a PITA.
So a pretty transparent way to tie IMEI to someone's identity and track their location under the guise of "finding lost phones" and "checking your phone's authenticity"
I think this is to crack down on sharing a SIM card which is registered to someone else. It ties identity + location + aggregates all SIMs registered to someone with their current location.
Not to mention they can probably payload anything into the app whenever they want.
I've been using it since it came out. It does its job.
I was getting 5-6 scam calls per day, now down to maybe 1 in a month.
It's just a wrapper around their website (for now).
I think this app is harmless but I don't think it should be forced onto anyone.
Agreed. But they already have massive tracking capabilities. I don't they are so stupid that they'd do this in such an obvious way: too much scrutiny.
CDOT's CMS system already exists in the background.
This is great first hand feedback. I like these kinds of HN posts.
How do you think it works? Example: If enough people report, then some police agency investigates? Rinse and repeat enough times and the scam calls/SMS should fall?
At the moment, yes, as I installed it myself off the App Store.
That's what the ruckus is: the govt wants to push it everywhere mandatorily.
Right now it's harmless: it's just a way to report scammers and lost handsets.
But who knows what they'll shovel into it tomorrow.
Basically IMEI stamping because sim card purchase with ID has come to be viewed as flawed/compromised by NatSec types in India. Here's some additional context from a previous thread on HN [0]
[0] - https://news.ycombinator.com/item?id=40476498
------
Edit: Can't reply
Lots of old phones still exist, so a virtual/eSIM does nothing to give visibility into those devices.
Also, India wants to own the complete end-to-end supply chain for electronics like what China did in the early 2010s, so India has been subsidizing legacy, highly commodified electronic component manufacturing [0] - of which physical SIMs are a major component because they both help subsidize semiconductor packaging as well as IoT/Smart Card manufacturing. A mix of international [1][2] and domestic players [3] have been leveraging physical SIM manufacturing in India as a way to climb up the value chain.
On a separate note, this is why I keep harping about India constantly - I'm starting to see the same trends and strategies arising in Delhi like those we'd see the PRC use in the late 2000s and early 2010s, but no one listened to me about China back then because they all had their priors set to the 1990s.
No one took the PRC seriously until it was too late, and a similar thing could arise with India - we as the US cannot win in a world where 3 continental countries (Russia, China, India) are ambivalent to antagonistic against us. Even Indian policy papers and makers increasingly reference and even copying the Chinese model when thinking about policy or industrial development, and I've started seeing Indian LEO types starting to operate abroad in major ASEAN and African countries helping their vendors build NatSec capacity (cough cough Proforce - not the American one - and their Offensive Sec teams).
Ironically, I've found Chinese analysts to be much more realistic about India's capacity [4][5] unlike Western commentators - and China has taken action as a result [6][7][8]
[0] - https://ecms.meity.gov.in/
[1] - https://www.idemia.com/press-release/idemias-production-faci...
[2] - https://www.trasna.io/blog/trasna-eyes-asian-iot-growth-as-i...
[3] - https://seshaasai.com/products/esim-and-sim
[4] - https://finance.sina.cn/china/gjcj/2022-06-08/detail-imizmsc...
[5] - https://www.gingerriver.com/p/vietnam-or-india-which-one-wil...
[6] - https://www.bloomberg.com/news/articles/2025-07-02/foxconn-p...
[7] - https://www.reuters.com/world/china/india-taking-steps-mitig...
[8] - https://www.reuters.com/world/china/china-files-wto-complain...
India has not been antagonistic or ambivalent in its recent past, until a Nobel Peace Prize aspirant in the WH decided to take a machete to relations that both countries had been building for the last 25 years, with largely bipartisan support in both countries. Even the current Indian govt is quite pro US until the aspirant tanked that relationship.
And yes, there will be times India doesn't agree with the US, and that's normal. It's seeking to be a partner, not a vassal state.
> India has not been antagonistic or ambivalent in its recent past...
Yep, but stuff can change rapidly.
From 1972-1992 it was China that used to be the pillar of the America's Asia strategy as a bulwark against the USSR, with US soldiers posted in Xinjiang monitoring the USSR [0], US government sponsored tech transfers and scientific collaboration [1], American support for Chinese military modernization [2][3], and expanded economic cooperation [4].
Yet by the late 2000s, that relation degraded into a competitive relationship that has become the cold war that it is today because by the 1990s US and Chinese ambitions became misaligned - especially following US sanctions due to the Tienanmen Massacre [5], Clinton's pivot to newly democratic Taiwan [6], and Chinese attempts at industrial espionage [7].
The US and India are not fully aligned because neither American nor Indian policymakers have significant exposure to either and remain extremely insular (eg. Stanford and Penn are the only American universities with a competitive program on Contemporary Indian politics and foreign policy, and there are only at most 20 American scholars on contemporary Indian policy - it was the same during my time in the early 2010s with regards to China, except instead of Penn it was Harvard), and that's why the US-India relationship has been in a tailspin for the past couple years. The US-India relationship are now in the equivalent position as that of the US and China in the late 1990s to early 2000s era, and are largely predicated on mutual competition against China.
Snafus like the RAW-backed Nijjar assassination as well as the US's support for Asim Munir highlights how the relationship is starting to fray. If alignment is not found within the next few years, the relationship will become competitive and potentially antagonistic in nature because India will start feeling that the US is encircling India just like China, and the US will start viewing India as "rocking the boat".
[0] - https://www.nytimes.com/1981/06/18/world/us-and-peking-join-...
[1] - https://en.wikipedia.org/wiki/U.S.%E2%80%93China_Agreement_o...
[2] - https://www.nytimes.com/1981/06/17/world/us-decides-to-sell-...
[3] - https://www.nytimes.com/1979/10/04/archives/study-urges-us-a...
[4] - https://www.nytimes.com/1983/05/26/business/us-china-investm...
[5] - https://www.nytimes.com/1989/06/05/world/the-west-condemns-t...
[6] - https://www.nytimes.com/1994/08/10/world/clinton-is-expected...
[7] - https://archive.nytimes.com/www.nytimes.com/library/world/as...
> Basically IMEI stamping because sim card purchase with ID has come to be viewed as flawed/compromised by NatSec types in India
Why not mandate virtual SIMs?
What about the low income people who cannot afford a new phone?
Very concerning. I will be suprised if companies like apple comply though.
Do they actually have a choice? Usually with laws and orders from the government, you can't do much than either go with the flow, try to lobby against it afterwards, or straight up refuse and leave the market. Considering Apple's ties to India, I feel like Apple is unlikely to leave, so that really only leaves Apple with the first; comply and complain.
> Do they actually have a choice?
Yes. Apple's revenues are half as much as the government of India's [1][2]. That's a resource advantage that gives Cupertino real leverage against New Delhi.
[1] https://www.apple.com/newsroom/2025/10/apple-reports-fourth-... $102.5bn / quarter
[2] https://en.wikipedia.org/wiki/List_of_countries_by_governmen... $827bn / year
Like any business Apple needs growth to satisfy the shareholders. New growth would come from India and China. Apple didn't leave China and neither it will leave India. India can and will survive without Apple. Though having it in the country would be good for optics.
The moment mobile companies locked down sideloading, ability to uninstall bundled software, etc., they made it impossible to argue techincally against bundled, uninstallable software from the government.
Apple has built an entire alternative iMessage+iCloud setup in China to comply with government regulation. They also bowed to the UK's demands to disable E2EE backups.
They'll probably try to make the app as non-shitty as they possibly can, and will probably leverage all kinds of geographical restrictions and whatnot to isolate the impact of these changes, but when threatened with a large market share hit, Apple will comply.
Apple need India though. They’re moving a lot of their manufacturing there to derisk from a China.
Also, they gave in to the CCP and always say ‘we obey the laws of the countries in which we operate’.
Apple is, at the end of the day, just a business.
As concerning as it is, this is just another addition to the pile of malware that a modern smartphone is. Everyone including SoC manufacturer, RF baseband manufacturer, OEM, OS developer, browser developer and app developers add their own opaque blobs, hidden executable rings, lockdown measures, attestation layers, telemetry, trojan apps, hidden permissions and more.
We lost the game when we allowed these players to impose limits on us in the way we can use the device that we bought with our hard earned money. Even modifying the root image of these OSes is treated like some sort of criminal activity. And there are enough people around ready to gaslight us with the stories about grandma's security, RF regulations, etc. Yet, its the extensive custom mods like Lineage OS that offer any form of security. Their extensive lockdown only leads to higher usage costs and a mountain of malware.
We really need to demand control over our own devices. We should fight to outlaw any restrictions on the ways we can use our own devices. We should strongly condemn and shame the people who try to gaslight us for their greed and duplicity.
I completely agree with you but I'm not sure I can really think of a solution for the RF baseband problem. I really don't want to live in a world where everyone's wifi signal is terrible because lots of stupid software devs decided to boost the RF power for their product to make it work better.
Yes. That thought did cross my mind. However, the RF baseband is an independent opaque blackbox already. As far as I know, it even includes an entire hidden operating system. But opening up the rest of the system, leaving the BB as it is, will go a long way to an open user-controlled system. We could adopt that as a stop gap measure until a longer term solution is found.
In the longer term however, we will need such a restriction on RF BB lifted too. Openness isn't just about modifiability. It's essential for security too. I'm someone who believes that security and granular restrictions can be implemented without being hostile towards users. This is why I don't buy Apple's argument that hardware lockdown measures like soldering on batteries, permanently gluing up ICs, etc are essential for miniaturization and security.
One solution for the problem you mentioned (devs over-boosting the RF output) is to have a one-time programmable power limiter after one of the final fixed-gain RF power amplifiers. (An example of a one-time programmable device is an anti-fuse FPGA). Such a baseband can be programmed to conform to the market country's regulations (or something even stricter) before assembly. This way, the developer can boost the signal as much as they want, but the device simply won't respond beyond the permissible limit.
Of course, all these are daydreams, because it has to be implemented by the baseband manufacturer. Unfortunately, their incentives don't align with our interests.
Is there any person or organization out there doing significant work against remote attestation being a thing? I'd love to support them.
You shouldn't be: https://news.ycombinator.com/item?id=26644216
> I will be suprised if companies like apple comply though
They will.
All tech companies already comply with India's IT Act. And India now manufactures 44% of all iPhones sold in the US [0] while dangling the stick of a $38B anti-trust fine [6] but also the carrot of implementing China-style labor laws [10] that Apple lobbied for [11], so Apple doesn't have much of a choice because both China and Vietnam (the primary competitors for this segment of manufacturing) have similar regulations while not shielding them from Chinese competitors. Samsung is in the same boat at 25% of their manufacturing globally being done in India in CY24 [1] while is also trying to further entrench itself [2][8][9] due to existential competition from Chinese vendors [3][7].
Heck, Apple complied with similar regulations in Russia [7] before the Ukraine War despite being a smaller market than India with no Apple manufacturing, engineering, or capex presence.
All large companies who face existential threats from Chinese competitors have no choice but to entrench in India as it's the only large market with barriers against direct Chinese competition - ASEAN has an expansive FTA with China which has lead both South Korea, Japan, and Taiwan to lose their staying power in countries like Vietnam, Indonesia, and Thailand where Chinese competitors are being given the red carpet, and Brazil is in the process of one as well.
And the Indian government is taking full advantage of this to get large companies to bend to Indian laws, as can be seen with the damocles sword of tax enforcement on Volkswagen [4] while negotiating an FTA with the EU and a potential $38B anti-trust fine against Apple [5] while negotiating a BTA with the US. It's the same playbook China used when it was in India's current position in the late 2000s and early 2010s.
Finally, India was in a de facto war earlier this year against Pakistan (Chinese manufactured missiles landed near my ancestral home along with plenty of Turkish and Chinese drones) along with a suicide bombing in India's Tiannamen Square (the Red Fort) a couple weeks ago [12], so anything national security has a bit more credence and leeway.
[0] - https://scw-mag.com/news/apples-supply-shift-to-india-speeds...
[1] - https://www.techinasia.com/news/samsung-to-broaden-manufactu...
[2] - https://www.chosun.com/english/industry-en/2025/11/25/SLEYWT...
[3] - https://www.digitimes.com/news/a20251118VL205/2030-samsung-s...
[4] - https://www.ft.com/content/6ec91d4a-2f37-4a01-9132-6c7ae5b06...
[5] - https://www.reuters.com/sustainability/boards-policy-regulat...
[6] - https://www.macrumors.com/2021/03/16/apple-to-offer-governme...
[7] - https://www.businesskorea.co.kr/news/articleView.html?idxno=...
[8] - https://www.digitimes.com/news/a20250903PD208/samsung-india-...
[9] - https://www.digitimes.com/news/a20241212PR200/samsung-india-...
[10] - https://www.bloomberg.com/news/articles/2025-11-21/india-imp...
[11] - https://www.bloomberg.com/news/articles/2023-03-21/apple-see...
[12] - https://abcnews.go.com/International/wireStory/india-intensi...
Even an open platform would do nothing. If you are a suspect, your phone would be checked in person (India doesn't have the concept of the 4th Amendment, and police demanding physical access to your phone during a search is routine) and if you were using something like GrapheneOS, it would be used as evidence against you. Indian law enforcement has already used access to Signal and Telegram as circumstantial evidence in various cases, and it's a simple hop to create a similar circumstantial evidence trail with someone using GrapheneOS.
And anyhow, major Android vendors like Samsung have aligned with the policy as well.
Even in mainland China, where iOS does have a large amount of changes to comply with local regulations, Apple does not pre-install any apps from anyone.
China doesn't require pre-installed apps but the Chinese government require all data processing and storage to be conducted within China with complete source code access.
India chose to back off on data sovereignty [0] because it would have had a side effect of making Indian IT Offshoring less competitive plus to help make negotiating a US-India BTA easier [1].
[0] - https://verfassungsblog.de/cross-border-data-flows-and-india...
[1] - https://www.bloomberg.com/news/articles/2025-04-25/us-seeks-...
From what I just heard on the Upgrade podcast, Apple only put a splash screen up when you first purchased your phone “encouraging” users in Russia to download the app. It didn’t force you to.
That's true, it opens a splash screen. But if I remember correctly even if you dismiss it it opens a corresponding AppStore section. Which was kinda annoying but that's it.
In more recent developments of this story, looks like Russian authorities saw a success of EU's push for alternative stores and now want Apple to allow that in Russia too [1,2]. Sadly, the motivation is twofold: a. let authorities publish their spyware (Max messenger) and b. let sanctioned companies publish their apps (sberbank). I haven't heard a single word about caring for user freedom.
P.S. just for laughs: Since it's currently (almost)impossible to install alternative appstores, stores and online marketplaces selling iphones now label them as "defective" [3]: below title "Имеется недостаток товара: невозможно установить и использовать RuStore" = "Defect: impossible to install and use RuStore"
[1] (ru) https://www.ixbt.com/news/2025/07/07/apple-rustore-iphone-ip...
[2] (en) https://meduza.io/en/feature/2025/06/27/an-app-store-ultimat...
The same podcast episode - the latest one - said that Apple isn’t selling in Russia right now so the point is moot.
Why wouldn't they? If Apple doesn't comply, the Indian government could force them to withdraw from the market or otherwise make their lives difficult. I can't see Apple or their shareholders caring about privacy enough to abandon such a large market.
have you seen what Tim Apple has been up to lately with his own government?
What stops someone from loading GrapheneOS on their (Indian) Android phone?
Mostly the fact that GrapheneOS only works on Google Pixel hardware currently and vendor unlock status. It's the only available phone hardware that provides full bootloader unlock capabilities AND suitable security protections baked into the secure enclave and boot process, including things like rate limiting in hardware like password cracking attempts via external brute-force input means, lockdown of usb ports until boot unlocked with a pin, etc. Their website spells out all the reasons.
Other phone makers could if they wanted to do the same, but do not as an active choice, or at least somebody's choice above them.
... secure boot?
I don't understand "just load GrapheneOS" sentiments. It only runs on extremely specific flagship devices with explicit features that allow it that are out of financial and technical reach for >99.9% of population of Earth and it still fully relies on AOSP. It's an escape hatch for mice. Or is it really not that way?
It is a dodgy Android distro for several reasons.
LineageOS has no such shenanigans nor has a pattern of suspicious funding.
> It is a dodgy Android distro for several reasons.
What are these reasons?
> LineageOS has no such shenanigans nor has a pattern of suspicious funding.
What pattern of suspicious funding?
There are threads on YC almost every week/month promoting that dodgy distro. Inside them are the comments with proper details from plenty of other YC users.
For the sake of avoiding repetition or bias, just do your own research. There is a search box at the end of the page.
you're all over this thread saying this, can you link an article or at least explain what you mean?
It will be used as evidence that the person who has GrapheneOS on their phone is attempting to break the law. Telegram and Signal chats are often used as circumstantial evidence of malfeasance in Indian national security cases, so the jump to using GrapheneOS as evidence of malfesance is tiny.
India already considers communications they can't monitor illegal. Specifically, satellite communication devices. Not just the crazy expensive satellite phones, but the satellite texting devices a lot of us backcountry types have. And some have been arrested for having them. Yeah, terrorists have used such stuff, but to us it's 911 for when we are far from the cell grid.
"Cops in this country think everyone using a Google Pixel must be a drug dealer" (because of GrapheneOS)
https://news.ycombinator.com/item?id=44473694
https://grapheneos.social/@GrapheneOS/114784469162979608
> European authoritarians and their enablers in the media are misrepresenting GrapheneOS and even Pixel phones as if they're something for criminals. GrapheneOS is opposed to the mass surveillance police state these people want to impose on everyone.
I see it more as an extra reason to use it:
- If only criminals want privacy, privacy becomes suspicious
- If more people use an open OS, it's more profitable for commercial entities to not put in extra effort to block these devices due to the FUD going around about them being insecure
So if someone suggests that using open source software is increasingly being seen as suspicious, the #1 thing to do is start using it
> Apple's iOS powered an estimated 4.5% of 735 million smartphones in India by mid-2025, with the rest using Android, Counterpoint Research says.
Sounds like Google should be the one leading the charge against this. Will be interesting to see what they do.
> The app is mainly designed to help users block and track lost or stolen smartphones across all telecom networks, using a central registry.
It's an app. That's all it does now (presumably). Once installed, it can be changed in the future to do all kinds of terrible things. This is big brother.
A government minister has clarified that the app is not mandatory but "optional" and can be deleted by the user is they don't want to use it - Sanchar Saathi app optional, can be deleted, says Telecom Minister Scindia - https://www.thehindu.com/sci-tech/technology/sanchar-saathi-... .
> A government minister has clarified that the app is not mandatory but "optional" and can be deleted by the user
In India it doesn't really mean anything. As an example the biometric based id 'Aadhaar' is 'voluntary' on paper, The Modi govt had to concede this after a Supreme court judgement that made it clear that Aadhaar cannot be made mandatory. However in practice it's anything but. Govt officials will openly refuse to consider other forms of id. They have been informally told by the highest rungs of govt that they will be protected against any complaints and that they need to insist on Aadhaar.
The whole point is to make daily life practically impossible without Aadhaar so that the citizens give in and 'voluntarily' give their biometrics.
The order states:
> Ensure that the pre-installed Sanchar Saathi application is readily visible and accessible to the end users at the time of first use or device setup and that its functionalities are not disabled or restricted.
https://www.pib.gov.in/PressReleasePage.aspx?PRID=2197140&re... (Press Release)
https://x.com/arvindgunasekar/status/1995540552205697079 (Leaked Order)
Does not sound optional. (I do not have an Aadhaar and have to fight across regulated domains - finance, insurance, banking, investments, even renting).
The developers of this app have a @ gmail.com mailbox listed as the support contact.
And they claim to protect people from fraud / phishing / scams.
> https://x.com/shantanugoel/status/1995874411543671208
>> sanchaarsaathi.dot AT gmail dot com >> broadbandmission AT gmail dot com
This is just bad PR from Indian government. Communication minister clarifies the app is optional https://timesofindia.indiatimes.com/technology/tech-news/tel...
Reuters/BBC have been famous to pounce and sensationalizing.
Sounds like both articles are right: There was a private government order to preload that app to smartphone makers. And it is not mandatory for citizens to use the app.
No sensationalizing apart from you it seems
not really. you may read the official notification here https://www.pib.gov.in/PressReleasePage.aspx?PRID=2197140&re...
"Manufacturers must ensure the App is easily accessible during device setup, with no disabling or restriction of its features"
"With 5 million total downloads - the app has saved 3.7 million lost phones", this somehow doesn't add up for me, as this implies more than 74% of phones are stolen? Or this this govt lying to pad the numbers to make the app look like a sheep in wolves clothing.
It is happening, in spite many won't really deeply believe. Every day 33 brits are arrested for what they say online.
It's happening, and it's time we say no. It's uncomfortable, but we need to do it en masse, right now.
Do not buy backdoored hardware, help others get rid of the backdoors, use anonymous technology to organize protests.
There has to be a line.
I didn't find any context for your claim so here is some reddit comment:
So it’s true 3,300 people were arrested for posts online. What they don’t tell you are the statistics or context. The actual law for these arrests covers EVERYTHING online. These arrests include those arrested for terrorism (if the planning/act of terror includes any online communication in the UK), threats of violence, racist abuse, hate speech and unwanted communication (including sending unsolicited sexual photos to strangers). It also includes spreading false information that could cause harm or affect an ingoing investigation.
If you look at convictions, only 137 people were actually sentenced in 2024.
https://www.reddit.com/r/DebunkThis/comments/1mmux6r/comment...
The arrest is the punishment. Here is a man getting arrested and subsequently harassed by the Police for 13 weeks for just posting a picture of himself with a shotgun in America.
Or the Tennessee man held in jail for over a month for a Facebook meme post: https://www.wtae.com/article/tennessee-facebook-post-felony-...
Note: this occurred in the US and not the UK but it happens here, too.
We’re basically seeing this story through media summaries and Richelieu-Booth’s own account, which means the narrative reflects either what he says happened or brief police statements. There’s very little publicly available that allows anyone to independently confirm or contradict either side.
Stories like this are designed to provoke a reaction, but the truth could be far more mundane: he might be a completely unreasonable person who was genuinely stalking someone, and police might have had credible concerns. We simply don’t have the full picture.
For balance, West Yorkshire Police do have a reputation for being heavy handed. the same force that used drones during Covid to shame people walking alone on the moors.
My point is: this isn’t solid evidence of Orwellian decline. It’s difficult to draw sweeping conclusions about Britain from a single case built on incomplete information and media amplification.
This has a bit more info: https://www.yorkshirepost.co.uk/business/orwellian-nightmare...
Notably:
> with the situation causing him considerable stress at a point where he was also dealing with an inquest into the deaths of his parents, who had both died in a car crash in 2023
so for some reason, there was something going on about his parents' death two years later. The article also states:
> He said the complaint against him was linked to an ongoing business dispute.
My take is that someone used his pictures of him holding guns (illegal in the UK) as support for a claim that he is an armed and dangerous stalker. Whatever got flagged regarding the inquest into his parents' deaths probably added suspicion. Police acted quickly (as they should, but probably too quickly) and made mistakes, but it looks like they couldn't accept that they were being used, so they decided to continue pressing onwards with the investigation, hoping they were still right and wouldn't be on the hook for a false arrest.
Getting falsely arrested is always terrible, but the way the media spins this as some kind of witch hunt about a LinkedIn post is misleading at best.
> These arrests include those arrested for terrorism (if the planning/act of terror includes any online communication in the UK), threats of violence, racist abuse, hate speech and unwanted communication
All of these attempts to "debunk" this statistic feel like they're missing the mark. How did the UK get a point where planning terrorism and making mean comments online go into the same statistic for arrests? Does it not seem strange that the second half of that list is worthy of arrest?
> If you look at convictions, only 137 people were actually sentenced in 2024.
This, again, does not help. Being arrested isn't a casual thing. It threatens everything from your job to your reputation and your relationships, even if you aren't convicted.
In many countries you do not get charged with every possible crime if there is a larger crime involve. If someone rob a place, they don't also need to have separate charges for illegally entering the place, destroying property when they broke the window, selling stolen goods, wire fraud for using the banking system, and money laundering for concealing that it is illegal money, and tax evasion. Each step is illegal on their own, but time crime statistics won't be written like that. The prosecutor may argue that if the accused are not found guilty for the primary, then secondaries may then be used.
The strange thing is that the UK are arresting people for abusing the telecom system, and not for the more serious crime like terrorism, death threats, harassment and sexual harassment.
> How did the UK get a point where planning terrorism and making mean comments online go into the same statistic for arrests?
In most publications: because the people reporting on these statistics can get more views and clicks that way. FUD sells. If someone online can defuse the statistics, the reporters that spread them also could've, but chose not to.
As for the second half of the list, "racist abuse, hate speech, and unwanted communication" are pretty common things to incriminate. Even the extremely liberal freedom of speech laws in the USA do not permit stalking ("unwanted communication") and racist abuse is criminalized in all kinds of cases (i.e. firing someone because of their race).
Can you just imagine the amount of arrests we’d have in the US if simply saying really offensive things at officials was enough to get you arrested.
Using Carlin’s dirty words against others you dislike or quoting passages from historical books should not warrant arrests.
This comment is getting downvoted, but another comment provide a real source for this having happened to someone: https://archive.is/bH56T
oh well as long as it's only happening to some people no problem then huh? That's okay?
Ahh yes reddit the most accurate location of truth finding. Could you at least link the source of the comment or are we supposed to take a random redditor as fact?
The price of freedom will only go up. People can’t help but wait to buy at the last minute when it costs an arm and a leg.
This is probably one of the best ones https://www.bbc.co.uk/news/articles/c9dj1zlvxglo
Edit: I believe they are now getting compensation for a 'wrongful arrest' which, sounds entirely deserved.
I don't know. You can bet these people were being obnoxious sh*ts to teachers and trying to rally some online mob to get their way. No much sympathy from me, even if arrest (and not a stern telling off and being told to set a good example for their kids and behave like adults) was a bit much.
Yeah I can imagine, I know the sort, however you can't really assume that as you don't know them, people have a right to be upset if their children's education is at stake and in some cases the schools management can be the 'obnoxious sh*ts'.
What is clear though is there has been some abuse of power by the police. I wondered if someone at the school 'knows' someone in the police, which made it go so far.
A Liberty GB spokesman said: "Mr Weston was standing on the steps of Winchester Guildhall, addressing the passers-by in the street with a megaphone.
"He quoted an excerpt about Islam from the book The River War by Winston Churchill.
"Reportedly, a woman came out of the Guildhall and asked Mr Weston if he had the authorisation to make this speech.
"When he answered that he didn't, she told him: 'It's disgusting', and then called the police.
"Six or seven officers arrived. They talked with the people standing nearby, asking questions about what had happened.
"The police had a long discussion with Mr Weston, lasting about 40 minutes.
"At about 3pm he was arrested. They searched him, put him in a police van and took him away."
willingly live in their homeland? yeah i don't know either bro
I'm not OP but a quick yandex search (google isn't great for conservative news) suggests ~12k people were arrested last year for speech. https://nypost.com/2025/08/19/world-news/uk-free-speech-stru...
This article says 10k https://www.zerohedge.com/political/britains-speech-gulag-ex...
More broadly it's been a huge issue for a while, tons of articles come out of the UK for people being arrested for criticizing politicians/policies. Even more dystopian is it's hard to report on, because the police might come after you for talking about it. Germany is having similar issues, it's easy to forget most of the world (including Europe) doesn't have free speech
Brits get arrested for even supporting peace, I don't feel I need to verify this claim.
the lowest resistance solution to e.g. cheating at school using ChatGPT will be spyware on kids' devices.
while nobody should be arrested for speech online, here on hacker news, people are downvoted for saying something unpopular (as opposed to whatever, i don't even know what the criteria is, but maybe it should be "toxic") all the time. you are preaching to the wrong audience, not the choir.
I've seen what's said online these days. Open racism and bigotry. This has always been the case but now it's done without shame by prominent people and influencers using their real account. Twitter is as bad as Stormfront these days.
We absolutely need to police hate speech.
> There has to be a line.
There is no line at all these days, with open hatred displayed. Fascism is on the rise across the world off the back of the hatred that's produced on social media.
> Every day 33 brits are arrested for what they say online.
They must be giving them tea and crumpets before releasing them to generate more hate online because it clearly isn't working.
I'd like to think that we all agree that you would be arrested for saying things in person (hate crimes, etc) would be the same things you'd be arrested for saying online... i'd place the line about there.
However, there are cases which do cross the line... https://www.bbc.co.uk/news/articles/c9dj1zlvxglo
> we all agree that you would be arrested for saying things in person (hate crimes, etc) would be the same things you'd be arrested for saying online..
And that’s where you’d be wrong - lots of us belief that speech should not be a cause for arrest except in the most extreme circumstances. Hurting someone’s feelings is not that
> And that’s where you’d be wrong - lots of us belief that speech should not be a cause for arrest except in the most extreme circumstances. Hurting someone’s feelings is not that
what is an extreme circumstance?
At least in the UK, hate speech is a crime and is punishable by law, whether people agree or disagree is irrelevant, I do believe that if it's illegal on the street it should be illegal online, obviously in the relevant jurisdiction.
Just another round in the decades-long battle of who owns your device: Industry or state. It's never you, mind you, who owns your device.
The perversion is that you are legally responsible for what happens with your device, but you are unable to prevent others from using it as they wish. An app like this is automation for putting people into jail. Just upload some illegal content and then "detect it". There's literally nothing you can do to defend against this attack, and it will work until it's overused.
Want to check number of SIMs in your name? Download Sanchar Saathi to check:Links to Play store and App Store. Department of Telecom
I was getting these messages for sometime and installed it finally. It is the same app that is mentioned in the article. My phone is already in the system then.
So, basically, this is just SIM card functionality for the age of eSIMs?
A lot of people in this thread seem unaware of what SIM cards actually are and do.
As "totalitarian" as it sounds, it actually makes sense that India's govt had to take such drastic steps. Telecom providers and smartphone manufacturers have criminally refused for decades to protect end-users, because it makes them money.
Govt can't have their population at large being scammed by criminals and do relatively nothing about it. It's a huge economic and productivity drain people seem to have "accepted as normal".
So how do you not shut down and arrest these greedy international corporations, which would disrupt a country's infrastructure, despite ongoing warnings? Force them.
To me it's akin to the US govt mandating software that allows users to report any and all spam, fully traceable to criminals and providers, whom the govt could prosecute/heavily fine 100% of the time. Dangerous 2-edged sword, but if takes down that despicable scam industry, later it can transition to a law mandating the same protection but in a privacy a preserving manner.
Apple's geotargetting was at least in the past tied to where device was sold. Example is FaceTime in UAE: phones sold there will never have working FaceTime anywhere but if you bring your American phone in, it seems to work.
But easy enough to tie it to iCloud region - you have to set your device and iCloud to Indian region to be able to use many of their region specific payment methods (ie UPI)
I am visiting India. The app wasn’t installed automatically. I received the SMS telling me to install the app but I am using an Indian sim borrowed from a friend. So I figured I got the SMS because of Indian sim. My wife didn’t receive sms as she is using Airalo esim data service.
I didn’t know the SMS was legit or not and I just marked it as spam. The challenge I have found with mobile in India is the excess of sms spam. Also the sender is always some cryptic alphanumeric characters so authenticity is difficult to judge.
i thought 'india' here indicate china before i clicked in.
Meanwhile the US has more than 4 different state owned cyber crime apps named after random things such as Google, Apple, Microsoft and Facebook, and many more. The kicker is they run all over the world.
Anyway, that doesn't in any way negate that this is shit for the people of India.
>With more than 5 million downloads since its launch, the app has helped block more than 3.7 million stolen or lost mobile phones
Ah yes, so because someone has stolen MY phone, I should give up all my right to privacy and allow the government to have their claws in my phone.
Logic. What a silly point to make when 'findmyphone' services, which are OPT-IN litterally do the same thing.
Soon in U.S.
For the safety and security of children, of course.
ref: "the new tobacco"
this last year i'm seeing very concerning behavior in students in the 14-20 range. complete addiction to their phones. very deep interests in things i was completely unaware that they existed. similar to how when i started noticing anime girlfriends/waifus in 2016.
about 40% are deep in discord communities where i literally cannot figure out a single sentence of what they're talking about.
if society doesn't do something, and soon, say goodbye to the cognitive ability of a large chunk of future generations.
> very deep interests in things i was completely unaware that they existed ... say goodbye to the cognitive ability of a large chunk of future generations
I would think very deep interests in niche or obscure topics is correlated with increased cognitive ability, not a decrease.
> very deep interests in things i was completely unaware that they existed
That's just a symptom of getting old. Young people always find stuff that baffles adults. When I was a teenager, Anime itself was like this - just being "into" anime was considered some kind of bizarre, obscure affectation by adults.
I think smartphones present real challenges (and I don't get how/why they're allowed in schools), but a lot of what you're describing is normal.
The children now love luxury; they have bad manners, contempt for authority; they show disrespect for elders and love chatter in place of exercise. Children are now tyrants, not the servants of their households. They no longer rise when elders enter the room. They contradict their parents, chatter before company, gobble up dainties at the table, cross their legs, and tyrannize their teachers.
Got some example words or phrases? When I hear stuff like this I'm curious how much is just your standard "out of touch adult" stuff and how much is genuinely bizarre niche rabbitholes.
If by "society" you mean the state, I disagree.
The world is changing quickly, and many people may run into problems, but I'd rather let cultural solutions to these problems naturally arise. Relying on a government to impose top-down solutions on these complicated and poorly understood problems is a recipe for a disaster of unintended consequences.
Honestly shocked it took this long for governments to start doing this; it seemed inevitable that governments would want all the data private entities have been enjoying.
More and more it seems like the benefits of being connected are not worth the cost of being so visible to so many hostile (state and non-state) actors
Yeah, internet is a dead star in so many ways this days. Repetitive, addictive and a private data sucker. I'm already starting to buy programming books and offline content preparing for a radical semi-disconnection.
I can actually not have a phone like I don’t need one that bad if they want to make it a nightmare. I can go back to a dial tone.
And this is why we need unlockable bootloaders and stuff like Graphene and LineageOs. Having only two mobile Os is very convenient until stuff like this happens.
These things are more a factor of aggregate risk handling. As an example, if you have tuberculosis it is possible even in the US for the country to mandate that a doctor watch you take the treatment. Totalitarian? Authoritarian? A tool that could be used to force someone to have to show up to where a state-controlled authority could confirm that they are? Yes, all of these things could be words you could assign to that.
But societal combined risk is commonly handled in this way. In the US, if you employ someone you have to report that you paid them to a central federal government. Way to track someone? Surveillance state? All words you could use.
And the government previously restricted gambling and so on. The question isn't "why would a bad government do these things?". The question is "would a benevolent government do these things?" and "if so, why?". And the answer is quite straightforward, I think:
Someone in the government has observed that there is a great deal of cyber crime in India. A fairly uneducated population, with very high smart-phone penetration (85%+ apparently), and a large number of fraudulent actors that their federal government is unable to enforce against. So they're attempting to attack the problem where they can.
This is ultimately India. They don't need insidious "app on your phone" / stingray / any other sophisticated solution. The local politicians can manipulate local authorities to get your cell tower association data and SMS. And if they want your comms devices they will rubber-hose the secrets out of you.
Someone I know worked at a big FAANG. He's Indian so went back to Bangalore to see his ailing mother. One day he took an auto-rickshaw while wearing his FAANG sweatshirt. The driver took him to a makeshift jail where he, police officers, and a magistrate conspired to threaten the guy with prison unless he paid $10k. $10k is nothing to a FAANG engineer, so he paid up, was brought in front of court on some lesser charges and then had to pay a small fine (much less than $10k). And then he flew back to the West Coast and never returned to India. Trying to reason about this kind of place using the perspective of the West is meaningless.
I think it unlikely they're trying to use this as cyber-surveillance. India simply does not have the infrastructure necessary to do that at scale. And they have the infrastructure for the rubber-hose, and Indians wear their identification on their sleeve, so to speak. Names point to ethnic groups and castes. Primarily endogamous marriage means if you want to perform violence against groups you can simply spread out from one member of the family unit being visibly of that group.
Using an app to get access to someone's data there is sort of like using Heartbleed to get root on a machine on which you are in /etc/sudoers with NOPASSWD.
All good goals - but this can be done by the government forcing the private companies (Apple/Goog/Samsung) to build tools, reporting, support services around helping with both Scamming applications or Stolen phones etc....
This will keep the data out of governments hands, while pushing the cost burden to these companies and they would be better equipped to build around these goals than the government themselves.
We all know the govt doesn't have a great track record with using Pegasus etc... Giving away control to apps that can decide your phone is stolen and lock it opens the door to any possibility including a totalitarian regime. It would be naive to believe that even if this is done with good intentions, such control could be easily mis used by opposition parties, one malicious individual etc...
I don't think the Indian government realistically has the ability to enforce on Apple/Google/Samsung like that. Regardless, even if they did, India has a diversity of (what we would probably consider) garbage smartphones. For anyone who lives in the West and is used to the kind of state legibility and control here, I think they'd find India quite surprising. The state has limited visibility and control there, simply because they never built a trustable bureaucratic network of data transmission.
If you read the Internet, you will hear that India has strict controls on KYC for SIM cards and so on. But on my last trip there I acquired one without much fuss. I'm not sure how that happened but I didn't provide any ID! I suspect that in such an environment you can't really do the thing you're suggesting.
The average mobile phone store there had an absolutely mind-blowing profusion of smartphone brands that all sound like those Amazon drop-shipped Chinese brands: Vivo, Poco, Realme, Oppo. And those are the good ones! There is a Cambrian-like explosion of brands there from various manufacturers. It's an unusual place.
EDIT: I'm going to have to reply to you here because I'm rate-limited on comments. See below in response.
Is it contradictory? I imagine saying "install this app on your phones from the factory when selling here" is a lot more achievable than coordinating what you suggested which is:
> ...build tools, reporting, support services around helping with both Scamming applications or Stolen phones etc....
But perhaps you anticipate these to both require equivalent ability? If so, I think that's the crux of the disagreement. I don't think the Indian state has the power to set up a mechanism to set a standard for tools, reporting, and support services that meet some requirements to detect scammers etc.
In fact, I think that's a really high bar. I think perhaps only highly developed nations would have any success designing such a program. I think even the smaller EU member nations would fail at it, and I don't think any of the developing nations (barring China).
I feel like you are making a contradicting point, on one hand you say its all disorganized but "organized enough" to allow the govt to force install their app, but not enough so it can coordinate the same thing with the same people they are going to force to install the app?
Google, the phone manufacturer and now the state running bloatware on my phone. I will have three dialers, calendars, etc. All of them uninstallable
Get GrapheneOS. The installation is painless and the OS surperior. No mainstream phone OS is viable in the privacy and security nightmare of today.
the good news is that I'm personally on my last few years online. I don't think there's anything really worthwhile in this space to do as a contributor or even as a consumer
I assume that in the US, the major manufacturers of phones and their operating systems already have backdoors for national security reasons. I think back to the past leaks from Snowden regarding the PRISM program. That program specifically included Google and Apple cooperating with the government under the FISA Amendments Act of 2008.
So while this state-owned cyber safety app is authoritarian, I wonder if it reflects just the most practical way India’s government can achieve the same things that the US has.
I am not defending it's use but a secret program is a targeted program, you can't use it in sweeping arrests without parallel construction. Whereas with an openly existing program you can point out that someone has been talking to their friend about how to get abortion medication and arrest them.
The real issue with 100% enforcement of law is it requires a society with differing values to not just agree on which laws exist but what just punishment is. Without leeway for differing social judgement or bifurcation.
These are just excuses to convince yourself that what the US is doing is "not bad" but what India is doing is "terrible".
Both are doing similar things. You have no idea what the US is doing; I have some inkling, and it is terrible.
At least India is publicly disclosing what this app does, and that the phone has this app. Do you have any idea what the US does?
Hint: that big data center in Utah, what is it for?
Another hint: the US has given many billions of dollars to US telecom companies under the guise of "rural broadband" and "rural cell service". Has the state of rural service really changed much in the last 30 years?? Why has all that money been given, then?
Did you mean to reply to someone else?
No one is claiming the US government is doing less terrible things than the Indian government.
Parallel construction is incredibly easy though with confidential informants and honeytraps/entrapment (for another crime, for example).
Sovereign tech stacks matter
Without domestic silicon or OS, you're forced to mandate bloatware that users can see
Real power operates at the silicon/firmware level, invisible, unremovable, and uncompromisable
This is a cringe move from India
https://www.centerforcybersecuritypolicy.org/insights-and-re...
When Deep State is doing this through Google and Apple's backdoor, its okay. But when a democratically elected entity does this in its own region, they start getting lectures on freedom.
Literally nobody thinks that's ok besides the people doing it.
Find one HN thread where consensus/majority is that Apple/Google backdoors are okay
Sounds so authoritarian. Luckily, in the UK you only have to scan your face and ID to access cat photos.