India orders smartphone makers to preload state-owned cyber safety app

reuters.com

123 points

jmsflknr

13 hours ago


66 comments

lez 9 minutes ago

It is happening, in spite of the fact that many won't really deeply believe it. Every day 33 Brits are arrested for what they say online.

It's happening, and it's time we say no. It's uncomfortable, but we need to do it en masse, right now.

Do not buy backdoored hardware, help others get rid of the backdoors, use anonymous technology to organize protests.

There has to be a line.

rishabhaiover an hour ago

I'm shocked by people and state using the crutch of cyber crime or scams to push a totalitarian solution to a problem that is better solved by improved education and targeted campaigns against common security pitfalls.

I abhor any decision that robs even a grain of my individual freedom.

  • psychoslave 19 minutes ago

    The problem is controlling people at intimate thought level. Sure education is part of it. But state controlled device tracking everything they say, where they go and who they are exchanging with is also a tool to leverage on in that perspective.

  • djohnston an hour ago

    I share your abhorrence but are you really shocked? "Think of the children", "Stop the terrorists," these have been the foundations for the erosion of personal liberty for the past thirty years.

    • politelemon 38 minutes ago

      And long before that too, it's just taken different soundbites that play on people's fears at the time.

  • 4ndrewl 13 minutes ago

    First they came for the etc, etc...

  • x0x0 36 minutes ago

    > improved education and targeted campaigns against common security pitfalls

    Which doesn't work. At all. A familiarity with the last 40 years of computing makes that clear.

    The only things that have worked: ios/android walled gardens so users can't install spyware. yubikeys which can't be phished. etc.

spaceman_2020 2 minutes ago

the good news is that I'm personally on my last few years online. I don't think there's anything really worthwhile in this space to do as a contributor or even as a consumer

kwar13 4 minutes ago

I have to say I'm really surprised that I didn't find "fighting CP & terrorism" as the main push for this.

quantum_state 3 minutes ago

Horrible for a so-called democratic country …

qwerty59 7 hours ago

Very concerning. I will be surprised if companies like Apple comply though.

  • embedding-shape an hour ago

    Do they actually have a choice? Usually with laws and orders from the government, you can't do much more than either go with the flow, try to lobby against it afterwards, or straight up refuse and leave the market. Considering Apple's ties to India, I feel like Apple is unlikely to leave, so that really only leaves Apple with the first; comply and complain.

    • JumpCrisscross an hour ago

      > Do they actually have a choice?

      Yes. Apple's revenues are half as much as the government of India's [1][2]. That's a resource advantage that gives Cupertino real leverage against New Delhi.

      [1] https://www.apple.com/newsroom/2025/10/apple-reports-fourth-... $102.5bn / quarter

      [2] https://en.wikipedia.org/wiki/List_of_countries_by_governmen... $827bn / year

      • ivell 4 minutes ago

        Like any business Apple needs growth to satisfy the shareholders. New growth would come from India and China. Apple didn't leave China and neither will it leave India. India can and will survive without Apple. Though having it in the country would be good for optics.

        The moment mobile companies locked down sideloading, ability to uninstall bundled software, etc., they made it impossible to argue against bundled, uninstallable software from the government.

      • jonplackett 34 minutes ago

        Apple need India though. They’re moving a lot of their manufacturing there to derisk from China.

        Also, they gave in to the CCP and always say ‘we obey the laws of the countries in which we operate’.

        Apple is, at the end of the day, just a business.

        • JumpCrisscross 22 minutes ago

          > Apple need India though. They’re moving a lot of their manufacturing there to derisk from China

          That creates obligations both ways. Put another way, Apple is an increasingly-major employer in India.

          The real carrot New Delhi has is its growing middle class. The real carrot Apple has is its aspirational branding.

          > they gave in to the CCP and always say ‘we obey the laws of the countries in which we operate’

          Apple regularly negotiates and occasionally openly fights laws it disagrees with. This would be no different. Cupertino is anything but lazy and nihilistic. Mandated installation opens a door they've fought hard to keep shut because it carries global precedent.

  • goku12 3 hours ago

    As concerning as it is, this is just another addition to the pile of malware that a modern smartphone is. Everyone including SoC manufacturer, RF baseband manufacturer, OEM, OS developer, browser developer and app developers add their own opaque blobs, hidden executable rings, lockdown measures, attestation layers, telemetry, trojan apps, hidden permissions and more.

    We lost the game when we allowed these players to impose limits on us in the way we can use the device that we bought with our hard earned money. Even modifying the root image of these OSes is treated like some sort of criminal activity. And there are enough people around ready to gaslight us with the stories about grandma's security, RF regulations, etc. Yet, it's the extensive custom mods like Lineage OS that offer any form of security. Their extensive lockdown only leads to higher usage costs and a mountain of malware.

    We really need to demand control over our own devices. We should fight to outlaw any restrictions on the ways we can use our own devices. We should strongly condemn and shame the people who try to gaslight us for their greed and duplicity.

  • GuinansEyebrows 17 minutes ago

    have you seen what Tim Apple has been up to lately with his own government?

  • brendoelfrendo an hour ago

    Why wouldn't they? If Apple doesn't comply, the Indian government could force them to withdraw from the market or otherwise make their lives difficult. I can't see Apple or their shareholders caring about privacy enough to abandon such a large market.

  • alephnerd an hour ago

    > I will be surprised if companies like Apple comply though

    They will.

    All tech companies already comply with India's IT Act. And India now manufactures 44% of all iPhones sold in the US [0] while facing the threat of a $38B anti-trust fine [5], so Apple doesn't have much of a choice because both China and Vietnam (the primary competitors for this segment of manufacturing) have similar regulations. Same with Samsung at 25% in CY24 [1] which is also trying to further entrench itself in India [2][7][8] due to existential competition from Chinese vendors [3][6].

    Heck, Apple complied with similar regulations in Russia [5] before the Ukraine War despite being a smaller market than India with no Apple manufacturing, engineering, or capex presence.

    All large companies who face existential threats from Chinese competitors have no choice but to entrench in India as it's the only large market with barriers against direct Chinese players - ASEAN has an expansive FTA with China which has led both South Korea, Japan, and Taiwan to lose their staying power in countries like Vietnam, Indonesia, and Thailand where Chinese competitors are being given the red carpet, and Brazil is in the process of one as well.

    And the Indian government is taking full advantage of this to get large companies to bend to Indian laws, as can be seen with the Damocles sword of tax enforcement on Volkswagen [3] while negotiating an FTA with the EU and a potential $38B anti-trust fine against Apple [4] while negotiating a BTA with the US. It's the same playbook China used when it was in India's position today in the late 2000s and early 2010s.

    [0] - https://scw-mag.com/news/apples-supply-shift-to-india-speeds...

    [1] - https://www.techinasia.com/news/samsung-to-broaden-manufactu...

    [2] - https://www.chosun.com/english/industry-en/2025/11/25/SLEYWT...

    [3] - https://www.digitimes.com/news/a20251118VL205/2030-samsung-s...

    [4] - https://www.reuters.com/sustainability/boards-policy-regulat...

    [5] - https://www.macrumors.com/2021/03/16/apple-to-offer-governme...

    [6] - https://www.businesskorea.co.kr/news/articleView.html?idxno=...

    [7] - https://www.digitimes.com/news/a20250903PD208/samsung-india-...

    [8] - https://www.digitimes.com/news/a20241212PR200/samsung-india-...

    • hparadiz an hour ago

      This is the Achilles heel of having a closed platform. Eventually the government dictates what's supposed to be in it.

      • alephnerd an hour ago

        Even an open platform would do nothing. If you are a suspect, your phone would be checked in person (India doesn't have the concept of the 4th Amendment, and police demanding physical access to your phone during a search is routine) and if you were using something like GrapheneOS, it would be used as evidence against you. Indian law enforcement has already used access to Signal and Telegram as circumstantial evidence in various cases, and it's a simple hop to create a similar circumstantial evidence trail with someone using GrapheneOS.

        And anyhow, major Android vendors like Samsung have aligned with the policy as well.

        • BenjiWiebe an hour ago

          If it was open, truly open, wouldn't using GrapheneOS be easier and far more common than it is now?

    • iancarroll an hour ago

      Even in mainland China, where iOS does have a large amount of changes to comply with local regulations, Apple does not pre-install any apps from anyone.

      • bilbo0s an hour ago

        >Even in mainland China [..] Apple does not pre-install any apps from anyone.

        That's because China has no regulation obliging them to do so.

        China takes the other, more comprehensive, route to privacy invasion. Sucking up every bit of data at the router.

        • iancarroll 27 minutes ago

          The GFW is certainly looking for traffic to block, but it is not really going to invade much privacy, as it cannot decrypt anything using HTTPS/TLS.

      • alephnerd an hour ago

        China doesn't require pre-installed apps but the Chinese government requires all data processing and storage to be conducted within China with complete source code access. India chose to back off on data sovereignty [0] because it would have had a side effect of making Indian IT Offshoring less competitive.

        [0] - https://verfassungsblog.de/cross-border-data-flows-and-india...

        • iancarroll 40 minutes ago

          I don't think there is any reason to assume they would allow forced code execution just because they allow data residency for mainland accounts. And unfortunately, China is likely a much larger and more profitable consumer market than India - presumably they can still export phones produced inside India without this.

    • wildylion 40 minutes ago

      And these mofos complied with the request to block VPN apps on iPhones in Russia. Think about companies that cooperated with the Nazis.

stickfigure an hour ago

What stops someone from loading GrapheneOS on their (Indian) Android phone?

  • numpad0 36 minutes ago

    ... secure boot?

    I don't understand "just load GrapheneOS" sentiments. It only runs on extremely specific flagship devices with explicit features that allow it that are out of financial and technical reach for >99.9% of population of Earth and it still fully relies on AOSP. It's an escape hatch for mice. Or is it really not that way?

  • alephnerd an hour ago

    It will be used as evidence that the person who has GrapheneOS on their phone is attempting to break the law. Telegram and Signal chats are often used as circumstantial evidence of malfeasance in Indian national security cases, so the jump to using GrapheneOS as evidence of malfeasance is tiny.

marginalx an hour ago

"With 5 million total downloads - the app has saved 3.7 million lost phones", this somehow doesn't add up for me, as this implies more than 74% of phones are stolen? Or is this govt lying to pad the numbers to make the app look like a sheep in wolves clothing.

JumpCrisscross an hour ago

Do we have a breakdown of what this app actually does?

  • pixelatedindex 40 minutes ago

    https://sancharsaathi.gov.in

    - Report fraud/scam calls and SMS directly from your phone.

    - Block or track lost/stolen phones by disabling their IMEI so they can’t be misused.

    - View all mobile numbers registered under your ID and report any unauthorized SIM cards.

    - Verify if a phone is genuine with an IMEI/device authenticity check.

    - Report telecom misuse, such as spoofed calls or suspicious international numbers.

    The stated goal is to protect users from digital fraud and safer telecom usage, who knows how good it’ll be. Probably a PITA.

  • alephnerd 41 minutes ago

    https://sancharsaathi.gov.in/

    Basically IMEI stamping because sim card purchase with ID has come to be viewed as flawed/compromised by NatSec types in India. Here's some additional context from a previous thread on HN [0]

    [0] - https://news.ycombinator.com/item?id=40476498

    ------

    Edit: Can't reply

    Lots of old phones still exist, so a virtual/eSIM does nothing to give visibility into those devices.

    Also, India wants to own the complete end-to-end supply chain for electronics like what China did in the early 2010s, so India has been subsidizing legacy, high commodity electronic component manufacturing [0] - of which physical SIMs are a major component. A mix of international [1][2] and domestic players [3] have been leveraging physical SIM manufacturing in India as a way to climb up the value chain.

    On a separate note, this is why I keep harping about India constantly - I'm starting to see the same trends and strategies arising in Delhi like those we'd see the PRC use in the late 2000s and early 2010s. No one took the PRC seriously until it was too late, and a similar thing could arise with India - we as the US cannot win in a world where 3 continental countries (Russia, China, India) are ambivalent to antagonistic against us. Even Indian policy papers and makers increasingly reference and even copy the Chinese model when thinking about policy or industrial development.

    [0] - https://www.investindia.gov.in/team-india-blogs/electronics-...

    [1] - https://www.idemia.com/press-release/idemias-production-faci...

    [2] - https://www.trasna.io/blog/trasna-eyes-asian-iot-growth-as-i...

    [3] - https://seshaasai.com/products/esim-and-sim

    • JumpCrisscross 35 minutes ago

      > Basically IMEI stamping because sim card purchase with ID has come to be viewed as flawed/compromised by NatSec types in India

      Why not mandate virtual SIMs?

SilverElfin 39 minutes ago

I assume that in the US, the major manufacturers of phones and their operating systems already have backdoors for national security reasons. I think back to the past leaks from Snowden regarding the PRISM program. That program specifically included Google and Apple cooperating with the government under the FISA Amendments Act of 2008.

So while this state-owned cyber safety app is authoritarian, I wonder if it reflects just the most practical way India’s government can achieve the same things that the US has.

  • greycol 9 minutes ago

    I am not defending its use but a secret program is a targeted program, you can't use it in sweeping arrests without parallel construction. Whereas with an openly existing program you can point out that someone has been talking to their friend about how to get abortion medication and arrest them.

    The real issue with 100% enforcement of law is it requires a society with differing values to not just agree on which laws exist but what just punishment is. Without leeway for differing social judgement or bifurcation.

oldjim798 an hour ago

Honestly shocked it took this long for governments to start doing this; it seemed inevitable that governments would want all the data private entities have been enjoying.

More and more it seems like the benefits of being connected are not worth the cost of being so visible to so many hostile (state and non-state) actors

  • okokwhatever an hour ago

    Yeah, internet is a dead star in so many ways these days. Repetitive, addictive and a private data sucker. I'm already starting to buy programming books and offline content preparing for a radical semi-disconnection.

mcny 34 minutes ago

I don't get it. Don't many if not most of these scams originate from India? Wouldn't it be better to stop the scammers directly?

  • awestroke 30 minutes ago

    If their goal was to increase the security for their citizens, you would have a point

  • orochimaaru 27 minutes ago

    Actually it’s Cambodia now.

profsummergig an hour ago

ref: "the new tobacco"

this last year i'm seeing very concerning behavior in students in the 14-20 range. complete addiction to their phones. very deep interests in things i was completely unaware that they existed. similar to how when i started noticing anime girlfriends/waifus in 2016.

about 40% are deep in discord communities where i literally cannot figure out a single sentence of what they're talking about.

if society doesn't do something, and soon, say goodbye to the cognitive ability of a large chunk of future generations.

  • ikmckenz 35 minutes ago

    > very deep interests in things i was completely unaware that they existed ... say goodbye to the cognitive ability of a large chunk of future generations

    I would think very deep interests in niche or obscure topics is correlated with increased cognitive ability, not a decrease.

  • krelas 20 minutes ago

    > about 40% are deep in discord communities where i literally cannot figure out a single sentence of what they're talking about.

    I feel like the same could be said of an at the time adult looking at my IRC or MSN Messenger logs from when I was a teen.

catlikesshrimp an hour ago

Google, the phone manufacturer and now the state running bloatware on my phone. I will have three dialers, calendars, etc. All of them uninstallable

  • poly2it an hour ago

    Get GrapheneOS. The installation is painless and the OS superior. No mainstream phone OS is viable in the privacy and security nightmare of today.

    https://grapheneos.org/

pdyc 42 minutes ago

What should have happened is that they should have forced mobile vendors to allow users to uninstall all apps. What actually happened is that they are asking for their app to be installed as well, sigh.

__rito__ an hour ago

I wouldn’t venture in the direction that many here will take.

I will point out that India has the highest number of victims of cyber-fraud. I personally know many people who have lost significant sums through social engineering attacks. The money is transferred to multiple mule accounts and physical cash is siphoned off to the fraudsters by the owners of those accounts. They choose helpless, illiterate, village dwelling account holders for this.

Another huge issue is unregulated loan apps. There are horror stories of people installing apps in order to take high-interest loans and then those apps stealing their private photos and contacts or accessing camera to take photos in private moments, and then sending those photos to contacts via WhatsApp when interest payment is overdue.

Then there are obvious security issues with terrorism and organized crime.

The government wants data. It's clear why. There is huge potential for misuse.

  • thisisit 5 minutes ago

    > I will point out that India has the highest number of victims of cyber-fraud

    Combined with worst enforcement and investigation efforts to tackle this issue. Cases filed in Cybercrime go on forever.

    Worse yet people use the cyber crime provision to take revenge. People can file frivolous cases without proof, get accepted by the cybercrime branch and your account gets locked. Banks will treat you with disdain and police will tell you to settle privately to get the complaints withdrawn.

    What about investigations you ask? Nothing happens. Local police is brought in to file the FIR and they don't even know what is "cyber" in cyber crime.

    So, yes it is easy to talk about victims when the policies are lacking. And then this high number of victims can be used as a crutch to push insecure apps on everyone's phones. The worst part of it? They will get data and still remain inept to solving the high number of cyber crimes.

  • kylehotchkiss 28 minutes ago

    Gonna agree with you, even Singapore has announced several policy changes the past few weeks to deal with all the fraud - more severe punishment and forcing apple to change how iMessage spam with .gov.sg domains is handled.

    I don't think this new app will resolve India's fraud issues unfortunately, there probably needs to be more policy changes at banks/fincos. As much as India obsesses with KYC processes, it doesn't seem to be working/enough. I don't see this new app being required as something totalitarian, it would be much easier for the gov to ask for that type of stuff to be tacked on to UPI apps anyways.

  • lallysingh 27 minutes ago

    Yeah this is the wrong audience for this argument, but it has merit. An app like this can be both a massive government power grab and useful to protect many, many people who are vulnerable to fraud.

    The number of my relatives that will just believe whatever someone tells them on the phone is terrifying.

  • marginalx 44 minutes ago

    And you trust the government to only use it for good purposes? And not to track people who may be protesting or belong to opposing political/religious/cultural views? We know based on historical Pegasus complaints that this trust has to be earned and can't be given.

    There are lots of ways to solve for this, mandating that these companies own the identification process through their systems, report misuse, govern apps. Why take on the ownership of a process that is better handled outside of government while the government holds them to account via huge fines and timelines but giving these large companies ownership of protection from scams or stolen phones etc...? win win and I think these large companies are due spending extra money to protect their users anyway.

    • roncesvalles 13 minutes ago

      Automatic mistrust of the government is a pretty juvenile take. Yes there are tons of ways, and having OEMs preload an app is the easiest one in a country of 1.1B mobile connections.

      • crumpled 4 minutes ago

        > Automatic mistrust of the government is a pretty juvenile take.

        This statement seems naive at best and manipulative at worst.

  • JumpCrisscross an hour ago

    > I will point out that India has the highest number of victims of cyber-fraud

    Based on what?

    > Another huge issue is unregulated loan apps

    You don't need to root everyone's phones to regulate financial crime.

    > Then there are obvious security issues with terrorism and organized crime

    India is building a centralised backdoor into every phone in the country. That's a massive national security risk.

    • lallysingh 26 minutes ago

      The way for the community to fight this is to keep finding holes in the app until they stop trying to put one on.

      • JumpCrisscross 24 minutes ago

        > way for the community to fight this is to keep finding holes in the app until they stop trying to put one on

        I'm not familiar with Indian activist tradition. But if we look at other countries where this happened, the technical attacks didn't work. It had to be done through policy, instead.