India scraps order to pre-install state-run cyber safety app on smartphones (opens in new tab)

(bbc.com)

204 pointswolpoli3mo ago67 comments

67 comments

The only upshot of this whole saga seems to be an increased awareness (though a small bit) in general public about importance of privacy in the digital world. Most of the media outlets (both English and regional language newspapers) provided a prominent coverage of this news.

alephnerd3mo ago

It was Apple's pushback that lead to the DoT backing down [0], but they will most likely either try to push this again if they are able to assuage Apple (eg. drop the $38B anti-trust bill [1]), or will potentially adopt China- and Vietnam-style data sovereignty regulations.

English speaking urban Indians are loud on English media but ultimately don't matter for political decisions because they can't actually flip an LA or LS election. You need to either be a significant voting bloc or a major economic bloc to become a veto player in any country.

[0] - https://www.reuters.com/sustainability/boards-policy-regulat...

[1] - https://www.reuters.com/sustainability/boards-policy-regulat...

akudha3mo ago

Will the increased awareness change anything though? After Snowden, nothing seemed to have changed, it just seems to be getting worse.

Most likely, Indian government will try again

lern_too_spel3mo ago

After Snowden, the single illegal U.S. surveillance program he leaked was shut down, the browser vendors essentially forced https everywhere, companies encrypted their WANs, and E2EE became popular in consumer applications. That's just off the top of my head.

1 more reply

cookiengineer3mo ago

Come to the dark side, we got no cookies but gophers here.

yumraj3mo ago

India is the biggest market for WhatsApp, not sure about FB. I doubt general population cares about privacy or even understands what it means.

nephihaha3mo ago

If this means what I think it does, it's good news... But unfortunately, I've a nasty feeling that this will be attempted again and again until it sticks.

We shouldn't call it "cyber safety" as that is a loaded phrase here. Obviously other considerations were part of it.

subscribed3mo ago

They'll wait for UK/AU/EU to enforce one first.

Like with the chat control in the EU now, the foot is already blocking the door

MonkeyClub3mo ago

Yeah, I'm with sateesh in a sibling comment in that this is a win for the digital citizenry's awareness, but I also agree with you that when the EU caves in everyone else will follow.

And I'm sure in the end it will cave in. The "they" have a clear plan supported by infinitely more patience and resources than the "us" can muster, and the von der Leyen presidency has shown clear signs of direction towards more control, less privacy (by weakening the GDPR), and less of the good kind of regulation in industry.

As an EU citizen, I'm very unhappy with the Union's recent direction.

But, at least for now, hooray for the temporary victory on the Indian front!

kamaal3mo ago

Looks like the complaining and protesting on Twitter helped, even if was serious, and some just memes. Somethings to note-

1. Most Indian bureaucracy is clueless about tech things, and just goes by whatever somebody who sounds like techy enough is selling them. Which in this case I'm guessing is a data mining company/lobby.

2. The information derived can be used for various purposes. Plotting election trends, economics, spotting general trends pro/against politics and other nefarious causes. etc.

3. Spying.

4. Using information to go after political opponents.

5. Demographic targeting, which in Indian context almost always means a pogrom against groups, which other groups don't like.

6. Selling data to commercial entities for better targeting, or even social engineering buying choices etc.

There could be many others. But its kind of nice that it was taken back. Having said this, it will be pushed again at some point when people are busy with a crisis and this will be sold as a fix.

Tade03mo ago

I believe Apple's resistance to this notion played a role.

spprashant3mo ago

They ll make it mandatory to access critical services at a later point. Tax payments, utility enrollments stuff like that.

That is how they ramped up enrollment in Aadhaar UID.

jeswin3mo ago

In a country with dozens government supplied IDs, Aadhaar has been a godsend for the common man. It's one card to open a bank account, buy a SIM card, apply for a loan, enter an airport, or whatever.

I held out for many years due to privacy reasons. In the end, I changed my mind - its just immensely useful to the general public.

arunabha3mo ago

You just demonstrated first hand the point made by GP. When the supreme court ordered the Govt to cease making Aadhaar mandatory, they just responded by adding so much friction to daily life without Aadhaar that most people, including privacy conscious folks like you just gave in.

4 more replies

mandeepj3mo ago

Congratulations! Your data is already sold out for Rs. 40 in black market! Also, why do you need aadhar to enter airport?

Now, the morons in charge are making it mandatory to book a gas cylinder as well. It’s like once a blind suddenly starts seeing, he wants to capture everything.

2 more replies

aiauthoritydev3mo ago

Indians have this crazy love for idiotic paperwork and nitpicking around paperwork, coupled with mostly low IQ and less educated clerks everywhere it becomes worse. I once submited my PAN and Passport to the bank who refused it claiming the spellings of both names do not match as my middle name was shortened on PAN card. I showed them that my photo is present on both and both cards belong to the same person. But nopes.

A friend then showed me that he downloaded aadhar PSD online, put a random invalid number, his photo and a non-existent address on the bank and used it everywhere where people were asking for aadhar without any need. Building and Airport security, Hotel reservation staff, Bus tickets and so on and used real aadhar only for banking and sim cards. He said this simplifies life a lot.

2 more replies

sateesh3mo ago

I think this point is bit orthogonal. The current outrage was largely because the app has to be pre-loaded and there wasn't an option to disable or uninstall it.

In the later incarnations, if this is an app which you need to access government services that is less of an issue, though I'm not advocating that this is completely fine. There are already apps like these CoWin (during Covid time), or Digiyatra (despite some of the privacy concerns around it [1]) which many are using. I hope if at all this app gets introduced (in the form you mention) there are larger discussions about permissions and the data access the app would need,and it can be disabled, uninstalled.

1. https://internetfreedom.in/digiyatra-who-owns-your-data/

spprashant3mo ago

Agreed on all points.

I don't view these apps as net negative for a country like India which is helped immensely by digitization.

My comment was just pointing out that governments have a way to get you install the app if they really need to.

arunabha3mo ago

Exactly! Politics as usual in India.

Arnt3mo ago

The app itself seems to be a reinvention of https://www.gsma.com/solutions-and-impact/connectivity-for-g... which is good I suppose, but why not use the original registry?

kylehotchkiss3mo ago

Appetite for `Make in India` and favor for homegrown solutions. Indian gov/companies is more capable of delivering a solution better suited for the many local languages. Instead of mandating, they should just try to put some more minds together and make a general purpose India super app to help citizens access gov services that isn't PayTM.

Arnt3mo ago

I don't see why the languages matter. AFAICT, the major factor here is making a stolen phone useless on as many networks as possible. The point of the GSMA registry is that one shouldn't be able to ship a stolen phone across the border (to Pakistan/Bangladesh/China) and sell it.

notepad0x903mo ago

Do people have rights around the world, to not use a smartphone or the internet to access critical services/commerce? Shouldn't that be a thing if not?

stackedinserter3mo ago

Canadian government must provide services for blind and deaf people via Teletype or something, so at least state services are covered.

The question is what makes service critical. Is Expedia or Uber critical?

notepad0x903mo ago

Travel counts, sure. Food, travel, accommodations/rent/housing. Freedom to eat, to have shelter, to move about, start a business or trade with other people. New technology should not result in a reduction of freedoms, or even privileges.

1 more reply

gamesbrainiac3mo ago

This was never going anywhere and if the Indian government thought it could get away with effectively installing spyware, then they were just self indulgent.

ignoramous3mo ago

Bugging communication devices has long been a government / law enforcement tactic, mostly enabled by telcos via ITU, which since its inception has been a willing collaborator.

Ex A: Ind x ITU, https://cis-india.org/internet-governance/blog/india-itu-res...

Ex B: China x ITU, https://datatracker.ietf.org/liaison/1677/

gamesbrainiac3mo ago

It has been, but getting Apple to do it was dumb. They could've just used a government app that everyone has to use, and put the bugging in there.

kylehotchkiss3mo ago

this glosses over the point that they could have just accomplished that with already effectively required UPI apps

tensegrist3mo ago

previously: https://news.ycombinator.com/item?id=46104193

ChrisArchitect3mo ago

Gov release: https://www.pib.gov.in/PressReleasePage.aspx?PRID=2198110&re... (https://news.ycombinator.com/item?id=46132822)

stonecharioteer3mo ago

https://www.pib.gov.in/PressReleasePage.aspx?PRID=2198110&re...

Read between the lines?

> Given Sanchar Saathi’s increasing acceptance, Government has decided not to make the pre- installation mandatory for mobile manufacturers.

silisili3mo ago

I've not been following this closely, but reading the headlines each day....is the timeline roughly -

India: Every phone must install a cyber safety app

Apple: No

India: OK, nevermind

alephnerd3mo ago

Pretty much.

Apple has been a massive driver for India's electronics manufacturing boom, because it's Apple that has been strongarming it's suppliers like Foxconn and Envision to start manufacturing (not just assembling) in India - just like how Apple helped turbocharge China's electronics upskilling in the late 2000s and early 2010s which helped Apple vendors like BYD and BOE become global competitors in the 2020s.

Tata Group has also become an Apple vendor now as well for both assembly as well as chip packaging, so they probably helped arbitrate.

Apple and India are also negotiating over a potential $38B anti-trust bill [0] which is a significantly higher priority for both parties.

[0] - https://www.reuters.com/sustainability/boards-policy-regulat...

sidcool3mo ago

BBC news about India has been so negative in the past few years, I have stopped trusting them. Of course there are other news about them spoofing videos.

boltzmann643mo ago

This is the standard playbook. And the gov just pulled a switcheroo:

Policy that is hard to pass: SIM binding for all messenger apps and automatic log out every 6 hours for desktop apps.

Even more egregious policy: Pre-install spyware that cannot be disabled.

Withdraw the egregious policy on outrage, and people think they have won the battle.

clot273mo ago

outrage works

unmole3mo ago

Outrage works when the party in government doesn't have an outright majority in parliament.

j / k navigate · click thread line to collapse

67 comments

sateesh3mo ago

alephnerd3mo ago

[0] - https://www.reuters.com/sustainability/boards-policy-regulat...

[1] - https://www.reuters.com/sustainability/boards-policy-regulat...

akudha3mo ago

Will the increased awareness change anything though? After Snowden, nothing seemed to have changed, it just seems to be getting worse.

Most likely, Indian government will try again

lern_too_spel3mo ago

1 more reply

cookiengineer3mo ago

Come to the dark side, we got no cookies but gophers here.

yumraj3mo ago

India is the biggest market for WhatsApp, not sure about FB. I doubt general population cares about privacy or even understands what it means.

nephihaha3mo ago

If this means what I think it does, it's good news... But unfortunately, I've a nasty feeling that this will be attempted again and again until it sticks.

We shouldn't call it "cyber safety" as that is a loaded phrase here. Obviously other considerations were part of it.

subscribed3mo ago

They'll wait for UK/AU/EU to enforce one first.

Like with the chat control in the EU now, the foot is already blocking the door

MonkeyClub3mo ago

Yeah, I'm with sateesh in a sibling comment in that this is a win for the digital citizenry's awareness, but I also agree with you that when the EU caves in everyone else will follow.

As an EU citizen, I'm very unhappy with the Union's recent direction.

But, at least for now, hooray for the temporary victory on the Indian front!

kamaal3mo ago

Looks like the complaining and protesting on Twitter helped, even if was serious, and some just memes. Somethings to note-

2. The information derived can be used for various purposes. Plotting election trends, economics, spotting general trends pro/against politics and other nefarious causes. etc.

3. Spying.

4. Using information to go after political opponents.

5. Demographic targeting, which in Indian context almost always means a pogrom against groups, which other groups don't like.

6. Selling data to commercial entities for better targeting, or even social engineering buying choices etc.

There could be many others. But its kind of nice that it was taken back. Having said this, it will be pushed again at some point when people are busy with a crisis and this will be sold as a fix.

Tade03mo ago

I believe Apple's resistance to this notion played a role.

spprashant3mo ago

They ll make it mandatory to access critical services at a later point. Tax payments, utility enrollments stuff like that.

That is how they ramped up enrollment in Aadhaar UID.

jeswin3mo ago

In a country with dozens government supplied IDs, Aadhaar has been a godsend for the common man. It's one card to open a bank account, buy a SIM card, apply for a loan, enter an airport, or whatever.

I held out for many years due to privacy reasons. In the end, I changed my mind - its just immensely useful to the general public.

arunabha3mo ago

4 more replies

mandeepj3mo ago

Congratulations! Your data is already sold out for Rs. 40 in black market! Also, why do you need aadhar to enter airport?

Now, the morons in charge are making it mandatory to book a gas cylinder as well. It’s like once a blind suddenly starts seeing, he wants to capture everything.

2 more replies

aiauthoritydev3mo ago

2 more replies

sateesh3mo ago

I think this point is bit orthogonal. The current outrage was largely because the app has to be pre-loaded and there wasn't an option to disable or uninstall it.

1. https://internetfreedom.in/digiyatra-who-owns-your-data/

spprashant3mo ago

Agreed on all points.

I don't view these apps as net negative for a country like India which is helped immensely by digitization.

My comment was just pointing out that governments have a way to get you install the app if they really need to.

arunabha3mo ago

Exactly! Politics as usual in India.

Arnt3mo ago

The app itself seems to be a reinvention of https://www.gsma.com/solutions-and-impact/connectivity-for-g... which is good I suppose, but why not use the original registry?

kylehotchkiss3mo ago

Arnt3mo ago

notepad0x903mo ago

Do people have rights around the world, to not use a smartphone or the internet to access critical services/commerce? Shouldn't that be a thing if not?

stackedinserter3mo ago

Canadian government must provide services for blind and deaf people via Teletype or something, so at least state services are covered.

The question is what makes service critical. Is Expedia or Uber critical?

notepad0x903mo ago

1 more reply

gamesbrainiac3mo ago

This was never going anywhere and if the Indian government thought it could get away with effectively installing spyware, then they were just self indulgent.

ignoramous3mo ago

Bugging communication devices has long been a government / law enforcement tactic, mostly enabled by telcos via ITU, which since its inception has been a willing collaborator.

Ex A: Ind x ITU, https://cis-india.org/internet-governance/blog/india-itu-res...

Ex B: China x ITU, https://datatracker.ietf.org/liaison/1677/

gamesbrainiac3mo ago

It has been, but getting Apple to do it was dumb. They could've just used a government app that everyone has to use, and put the bugging in there.

kylehotchkiss3mo ago

this glosses over the point that they could have just accomplished that with already effectively required UPI apps

tensegrist3mo ago

previously: https://news.ycombinator.com/item?id=46104193

ChrisArchitect3mo ago

Gov release: https://www.pib.gov.in/PressReleasePage.aspx?PRID=2198110&re... (https://news.ycombinator.com/item?id=46132822)

stonecharioteer3mo ago

https://www.pib.gov.in/PressReleasePage.aspx?PRID=2198110&re...

Read between the lines?

> Given Sanchar Saathi’s increasing acceptance, Government has decided not to make the pre- installation mandatory for mobile manufacturers.

silisili3mo ago

I've not been following this closely, but reading the headlines each day....is the timeline roughly -

India: Every phone must install a cyber safety app

Apple: No

India: OK, nevermind

alephnerd3mo ago

Pretty much.

Tata Group has also become an Apple vendor now as well for both assembly as well as chip packaging, so they probably helped arbitrate.

Apple and India are also negotiating over a potential $38B anti-trust bill [0] which is a significantly higher priority for both parties.

[0] - https://www.reuters.com/sustainability/boards-policy-regulat...

sidcool3mo ago

BBC news about India has been so negative in the past few years, I have stopped trusting them. Of course there are other news about them spoofing videos.

boltzmann643mo ago

This is the standard playbook. And the gov just pulled a switcheroo:

Policy that is hard to pass: SIM binding for all messenger apps and automatic log out every 6 hours for desktop apps.

Even more egregious policy: Pre-install spyware that cannot be disabled.

Withdraw the egregious policy on outrage, and people think they have won the battle.

clot273mo ago

outrage works

unmole3mo ago

Outrage works when the party in government doesn't have an outright majority in parliament.

j / k navigate · click thread line to collapse