The Indian government has ordered Apple and other smartphone manufacturers to pre-install a state-owned “security” app on all phones before they are sold to users.
Adding fuel to the privacy fire, the government is also requiring smartphone makers to ensure that the app cannot be removed by users …
Reuters reports that those who already own iPhones won’t escape either: Apple and others are also being instructed by the Department of Telecommunications (DoT) to push the app to existing phones via a software update.
The November 28 order, seen by Reuters, gives major smartphone companies 90 days to ensure that the government’s Sanchar Saathi app is pre-installed on new mobile phones, with a provision that users cannot disable it.
For devices already in the supply chain, manufacturers should push the app to phones via software updates, the ministry said in its order, which was not made public and was sent privately to select companies.
The government is framing it as a way to help users recover lost and stolen phones, but it ensures that all phones can be tracked by the government, with obvious implications for user privacy.
India Express reports that this move follows another DoT dictat that requires end-to-end encrypted messaging apps to link to the unique electronic serial number of the SIM.
Right now, services like WhatsApp verify a user’s identity by sending a one-time password (OTP) to their mobile number. But, to follow the DoT’s directive, they will have to start accessing the IMSI of their SIM cards. IMSI stands for International Mobile Subscriber Identity, and is a unique number that identifies every mobile subscriber globally. It is stored on the SIM card.
Since SIMs cannot be purchased without government ID, this would allow the government to determine the identity of any WhatsApp user.
9to5Mac’s Take
Apple is likely to push back, hoping to persuade the government to agree to a less extreme policy like offering the app to users during setup and allowing wording that encourages them to install it.
However, ultimately, if negotiations are unsuccessful, it will have to comply with the law. Apple has already been forced to compromise user privacy in China by storing iCloud data on servers owned by a company directly linked to the Chinese government. Apple has also removed VPN and foreign news apps from its Chinese App Store when instructed to do so.
As with China, Apple is in a double-bind here as India is not only a growing market for the company’s products, but also an increasingly important manufacturing centre. Withdrawing from that market in order to uphold its values is not a practical option.
Highlighted accessories
Photo by Chris Yang on Unsplash
FTC: We use income earning auto affiliate links. More.
