Comment by qwerty59
Comment by qwerty59 2 days ago
Very concerning. I will be suprised if companies like apple comply though.
Comment by qwerty59 2 days ago
Very concerning. I will be suprised if companies like apple comply though.
> Do they actually have a choice?
Yes. Apple's revenues are half as much as the government of India's [1][2]. That's a resource advantage that gives Cupertino real leverage against New Delhi.
[1] https://www.apple.com/newsroom/2025/10/apple-reports-fourth-... $102.5bn / quarter
[2] https://en.wikipedia.org/wiki/List_of_countries_by_governmen... $827bn / year
Like any business Apple needs growth to satisfy the shareholders. New growth would come from India and China. Apple didn't leave China and neither it will leave India. India can and will survive without Apple. Though having it in the country would be good for optics.
The moment mobile companies locked down sideloading, ability to uninstall bundled software, etc., they made it impossible to argue techincally against bundled, uninstallable software from the government.
> Apple didn't leave China and neither it will leave India. India can and will survive without Apple
They can both survive without each other. But neither is going to break the arrangement without a lot of pain. They have mutual leverage with each other, and that becomes particularly material when one stops treating India as a monolith.
> India can and will survive without Apple. Though having it in the country would be good for optics
Most people aren't content with merely surviving.
Apple has built an entire alternative iMessage+iCloud setup in China to comply with government regulation. They also bowed to the UK's demands to disable E2EE backups.
They'll probably try to make the app as non-shitty as they possibly can, and will probably leverage all kinds of geographical restrictions and whatnot to isolate the impact of these changes, but when threatened with a large market share hit, Apple will comply.
Apple need India though. They’re moving a lot of their manufacturing there to derisk from a China.
Also, they gave in to the CCP and always say ‘we obey the laws of the countries in which we operate’.
Apple is, at the end of the day, just a business.
> Apple need India though. They’re moving a lot of their manufacturing there to derisk from a China
That creates obligations both ways. Put another way, Apple is an increasingly-major employer in India.
The real carrot New Delhi has is its growing middle class. The real carrot Apple has is its aspirational branding.
> they gave in to the CCP and always say ‘we obey the laws of the countries in which we operate'
Apple regularly negotiates and occasionally openly fights laws its disagrees with. This would be no different. Cupertino is anything but lazy and nihilistic. Mandated installation opens a door they've fought hard to keep shut because it carries global precedent.
"Leave us alone or we'll cancel our plans and move somewhere else"
As concerning as it is, this is just another addition to the pile of malware that a modern smartphone is. Everyone including SoC manufacturer, RF baseband manufacturer, OEM, OS developer, browser developer and app developers add their own opaque blobs, hidden executable rings, lockdown measures, attestation layers, telemetry, trojan apps, hidden permissions and more.
We lost the game when we allowed these players to impose limits on us in the way we can use the device that we bought with our hard earned money. Even modifying the root image of these OSes is treated like some sort of criminal activity. And there are enough people around ready to gaslight us with the stories about grandma's security, RF regulations, etc. Yet, its the extensive custom mods like Lineage OS that offer any form of security. Their extensive lockdown only leads to higher usage costs and a mountain of malware.
We really need to demand control over our own devices. We should fight to outlaw any restrictions on the ways we can use our own devices. We should strongly condemn and shame the people who try to gaslight us for their greed and duplicity.
I completely agree with you but I'm not sure I can really think of a solution for the RF baseband problem. I really don't want to live in a world where everyone's wifi signal is terrible because lots of stupid software devs decided to boost the RF power for their product to make it work better.
Yes. That thought did cross my mind. However, the RF baseband is an independent opaque blackbox already. As far as I know, it even includes an entire hidden operating system. But opening up the rest of the system, leaving the BB as it is, will go a long way to an open user-controlled system. We could adopt that as a stop gap measure until a longer term solution is found.
In the longer term however, we will need such a restriction on RF BB lifted too. Openness isn't just about modifiability. It's essential for security too. I'm someone who believes that security and granular restrictions can be implemented without being hostile towards users. This is why I don't buy Apple's argument that hardware lockdown measures like soldering on batteries, permanently gluing up ICs, etc are essential for miniaturization and security.
One solution for the problem you mentioned (devs over-boosting the RF output) is to have a one-time programmable power limiter after one of the final fixed-gain RF power amplifiers. (An example of a one-time programmable device is an anti-fuse FPGA). Such a baseband can be programmed to conform to the market country's regulations (or something even stricter) before assembly. This way, the developer can boost the signal as much as they want, but the device simply won't respond beyond the permissible limit.
Of course, all these are daydreams, because it has to be implemented by the baseband manufacturer. Unfortunately, their incentives don't align with our interests.
Is there any person or organization out there doing significant work against remote attestation being a thing? I'd love to support them.
You shouldn't be: https://news.ycombinator.com/item?id=26644216
> I will be suprised if companies like apple comply though
They will.
All tech companies already comply with India's IT Act. And India now manufactures 44% of all iPhones sold in the US [0] while dangling the stick of a $38B anti-trust fine [6] but also the carrot of implementing China-style labor laws [10] that Apple lobbied for [11], so Apple doesn't have much of a choice because both China and Vietnam (the primary competitors for this segment of manufacturing) have similar regulations while not shielding them from Chinese competitors. Samsung is in the same boat at 25% of their manufacturing globally being done in India in CY24 [1] while is also trying to further entrench itself [2][8][9] due to existential competition from Chinese vendors [3][7].
Heck, Apple complied with similar regulations in Russia [7] before the Ukraine War despite being a smaller market than India with no Apple manufacturing, engineering, or capex presence.
All large companies who face existential threats from Chinese competitors have no choice but to entrench in India as it's the only large market with barriers against direct Chinese competition - ASEAN has an expansive FTA with China which has lead both South Korea, Japan, and Taiwan to lose their staying power in countries like Vietnam, Indonesia, and Thailand where Chinese competitors are being given the red carpet, and Brazil is in the process of one as well.
And the Indian government is taking full advantage of this to get large companies to bend to Indian laws, as can be seen with the damocles sword of tax enforcement on Volkswagen [4] while negotiating an FTA with the EU and a potential $38B anti-trust fine against Apple [5] while negotiating a BTA with the US. It's the same playbook China used when it was in India's current position in the late 2000s and early 2010s.
Finally, India was in a de facto war earlier this year against Pakistan (Chinese manufactured missiles landed near my ancestral home along with plenty of Turkish and Chinese drones) along with a suicide bombing in India's Tiannamen Square (the Red Fort) a couple weeks ago [12], so anything national security has a bit more credence and leeway.
[0] - https://scw-mag.com/news/apples-supply-shift-to-india-speeds...
[1] - https://www.techinasia.com/news/samsung-to-broaden-manufactu...
[2] - https://www.chosun.com/english/industry-en/2025/11/25/SLEYWT...
[3] - https://www.digitimes.com/news/a20251118VL205/2030-samsung-s...
[4] - https://www.ft.com/content/6ec91d4a-2f37-4a01-9132-6c7ae5b06...
[5] - https://www.reuters.com/sustainability/boards-policy-regulat...
[6] - https://www.macrumors.com/2021/03/16/apple-to-offer-governme...
[7] - https://www.businesskorea.co.kr/news/articleView.html?idxno=...
[8] - https://www.digitimes.com/news/a20250903PD208/samsung-india-...
[9] - https://www.digitimes.com/news/a20241212PR200/samsung-india-...
[10] - https://www.bloomberg.com/news/articles/2025-11-21/india-imp...
[11] - https://www.bloomberg.com/news/articles/2023-03-21/apple-see...
[12] - https://abcnews.go.com/International/wireStory/india-intensi...
Even an open platform would do nothing. If you are a suspect, your phone would be checked in person (India doesn't have the concept of the 4th Amendment, and police demanding physical access to your phone during a search is routine) and if you were using something like GrapheneOS, it would be used as evidence against you. Indian law enforcement has already used access to Signal and Telegram as circumstantial evidence in various cases, and it's a simple hop to create a similar circumstantial evidence trail with someone using GrapheneOS.
And anyhow, major Android vendors like Samsung have aligned with the policy as well.
> and it's a simple hop to create a similar circumstantial evidence trail with someone using GrapheneOS.
I think this is a bit exaggerated for effect. No one in India considers having a Linux laptop as being circumstantial evidence in case of a crime. Whereas having Tor installed would be.
If it was open, truly open, wouldn't using GrapheneOS be easier and far more common than it is now?
Even in mainland China, where iOS does have a large amount of changes to comply with local regulations, Apple does not pre-install any apps from anyone.
China doesn't require pre-installed apps but the Chinese government require all data processing and storage to be conducted within China with complete source code access.
India chose to back off on data sovereignty [0] because it would have had a side effect of making Indian IT Offshoring less competitive plus to help make negotiating a US-India BTA easier [1].
[0] - https://verfassungsblog.de/cross-border-data-flows-and-india...
[1] - https://www.bloomberg.com/news/articles/2025-04-25/us-seeks-...
> making Indian IT Offshoring less competitive
So does a security backdoor in every mobile device used by said Indian offshoring staff.
I don't think there is any reason to assume they would allow forced code execution just because they allow data residency for mainland accounts. And unfortunately, China is likely a much larger and more profitable consumer market than India - presumably they can still export phones produced inside India without this.
This is an interesting point. Is there anyone in mainland china that does do not install WeChat plus AliPay installed? It is hard to live without it! Literally, you can buy a kilo of veg from a wet market stall and pay with AliPay.
The GFW is certainly looking for traffic to block, but it is not really going to invade much privacy, as it cannot decrypt anything using HTTPS/TLS.
From what I just heard on the Upgrade podcast, Apple only put a splash screen up when you first purchased your phone “encouraging” users in Russia to download the app. It didn’t force you to.
That's true, it opens a splash screen. But if I remember correctly even if you dismiss it it opens a corresponding AppStore section. Which was kinda annoying but that's it.
In more recent developments of this story, looks like Russian authorities saw a success of EU's push for alternative stores and now want Apple to allow that in Russia too [1,2]. Sadly, the motivation is twofold: a. let authorities publish their spyware (Max messenger) and b. let sanctioned companies publish their apps (sberbank). I haven't heard a single word about caring for user freedom.
P.S. just for laughs: Since it's currently (almost)impossible to install alternative appstores, stores and online marketplaces selling iphones now label them as "defective" [3]: below title "Имеется недостаток товара: невозможно установить и использовать RuStore" = "Defect: impossible to install and use RuStore"
[1] (ru) https://www.ixbt.com/news/2025/07/07/apple-rustore-iphone-ip...
[2] (en) https://meduza.io/en/feature/2025/06/27/an-app-store-ultimat...
The same podcast episode - the latest one - said that Apple isn’t selling in Russia right now so the point is moot.
Why wouldn't they? If Apple doesn't comply, the Indian government could force them to withdraw from the market or otherwise make their lives difficult. I can't see Apple or their shareholders caring about privacy enough to abandon such a large market.
have you seen what Tim Apple has been up to lately with his own government?
Do they actually have a choice? Usually with laws and orders from the government, you can't do much than either go with the flow, try to lobby against it afterwards, or straight up refuse and leave the market. Considering Apple's ties to India, I feel like Apple is unlikely to leave, so that really only leaves Apple with the first; comply and complain.