India orders smartphone makers to preload state-owned cyber safety app

Original Article ↗ Hacker News Discussion ↗

Mandated “cyber safety” app and what it does

  • Order requires OEMs to preload the government’s Sanchar Saathi app and initially said it must be visible at setup and not disabled; later a minister claimed it is “optional” and can be deleted, and a follow‑up notification reportedly withdraws the mandatory preinstall.
  • The app’s advertised features: report scam calls/SMS/WhatsApp; block/track lost or stolen phones via IMEI; list all SIMs registered to your ID and let you cancel fraudulent ones; verify IMEI/device “genuineness”.
  • Permissions on Android reportedly include phone/SMS logs and sending SMS; on iOS it’s more limited. One user says it’s mostly a website wrapper that made reporting scams easy and dramatically cut scam calls.

Compliance and leverage over Apple/Google/Samsung

  • Many argue large vendors will comply: India is now a major manufacturing base and key growth market, and has already shown it can wield antitrust, tax and market-access pressure.
  • Others counter Apple has fought governments before and both sides have leverage: India wants jobs and prestige; Apple wants access to consumers and production capacity.
  • Several point out Apple and Google already adapt to local rules (Russia splash screens, Chinese data residency, UK iCloud changes), so precedent for concessions exists.

Security rationale vs surveillance risk

  • Supporters highlight India’s massive cyber‑fraud problem: social‑engineering scams, “digital arrest” calls, mule accounts, predatory loan apps that extort with stolen photos, and weak enforcement. For a largely non‑technical population, a central anti‑fraud tool seems attractive.
  • Critics say you don’t need a non‑removable state app to regulate financial crime or terrorism; this is effectively a centrally mandated backdoor tied to identity, creating a huge national‑security and civil‑liberties risk and a CrowdStrike‑style single point of failure.
  • A recurring theme: “it doesn’t matter what it does today; once installed and normalized, it can be silently updated to do anything.”

Open platforms, custom ROMs, and practical limits

  • Some see this as proof users must control their devices (unlocked bootloaders, LineageOS, GrapheneOS).
  • Others note practical barriers: GrapheneOS only on Pixels, custom ROMs break attestation so banking/UPI/government apps refuse to run, and in India police can seize phones without a 4th‑Amendment‑style shield; using hardened OSes may itself be treated as suspicious.

Digital ID and longer‑term authoritarian drift

  • Commenters connect this to Aadhaar mission creep (biometrics “voluntary” on paper, de‑facto mandatory), SIM KYC, and proposed digital IDs in the UK/EU.
  • Worry: once identity, payments, and phones are tightly coupled, governments can trivially track, selectively target opponents, or “switch off” individuals, even if the initial justification is fraud, child safety, or terrorism.