India orders smartphone makers to preload state-owned cyber safety app

If it can be abused, it will be abused. Corruption exists anywhere humans exist. Convenience and security are the bait. Why do people want to be caged?

I'm shocked by people and state using the crutch of cyber crime or scams to push a totalitarian solution to a problem that is better solved by improved education and targeted campaigns against common security pitfalls.

I abhor any decision that robs even a grain of my individual freedom.

Sounds so authoritarian. Luckily, in the UK you only have to scan your face and ID to access cat photos.

> With more than 5 million downloads since its launch, the app has helped block more than 3.7 million stolen or lost mobile phones, while more than 30 million fraudulent connections have also been terminated.

I might be reading this wrong but these numbers seem very weird. Did more than half the people who downloaded the app block a stolen phone? And did each person who downloaded the app terminate 6 fraudulent connections?

I wonder if this will cause a reduction in remote jobs for citizens. Compliance with US laws like HIPAA and FERPA have strict requirements regarding access. Many employees use 2FA on their personal devices, which if passed this law would interfere with.

Indian government is big on pronouncements.

It will be a garbage app that most likely will not work, considering the historical incompetence of the Indian government's expertise in all things tech.

I am pretty certain Apple and Samsung will pay off someone in the government.

The more I see stuff like this, the more I think "you know, I don't think the world is collapsing, I think the old world is collapsing." Governments in their current form are increasingly becoming irrelevant (h/t to "The Fourth Turning") and actions like this prove it.

What does this app actually do, in detail? Anyone know?

Do we have a breakdown of what this app actually does?

Very concerning. I will be suprised if companies like apple comply though.

What stops someone from loading GrapheneOS on their (Indian) Android phone?

"With 5 million total downloads - the app has saved 3.7 million lost phones", this somehow doesn't add up for me, as this implies more than 74% of phones are stolen? Or this this govt lying to pad the numbers to make the app look like a sheep in wolves clothing.

I wouldn’t venture in the direction that many here will take.

I will point out that India have the highest number of victims of cyber-fraud. I personally know many people who have lost significant sums through social engineering attacks. The money is transferred to multiple mule accounts and physical cash is siphoned off to the fraudsters by the owners of those account. They choose helpless, illiterate, village dwelling account holders for this.

Another huge issue is unregulated loan apps. There are horror stories of people installing apps in order to take high-interest loans and then those apps stealing their private photos and contacts or accessing camera to take photos in private moments, and then sending those photos to contacts via WhatsApp when interest payment is overdue.

Then there are obvious security issues with terrorism and organized crime.

The government wants data. It's clear why. There is huge potential for misuse.

Want to check number of SIMs in your name? Download Sanchar Saathi to check:Links to Play store and App Store. Department of Telecom

I was getting these messages for sometime and installed it finally. It is the same app that is mentioned in the article. My phone is already in the system then.

It is happening, in spite many won't really deeply believe. Every day 33 brits are arrested for what they say online.

It's happening, and it's time we say no. It's uncomfortable, but we need to do it en masse, right now.

Do not buy backdoored hardware, help others get rid of the backdoors, use anonymous technology to organize protests.

There has to be a line.

I have to say I'm really surprised that I didn't find "fighting CP & terrorism" as the main push for this.

Horrible for a so-called democratic country …

Does this mean visitors to India would also get this app installed on their phone as soon as they land in India?

So, basically, this is just SIM card functionality for the age of eSIMs?

A lot of people in this thread seem unaware of what SIM cards actually are and do.

Totalitarianism is a form of class warfare. Make class warfare M.A.D.

Does it apply to iPhones manufactured to India, which are meant for export to other countries?

I don't get it. Don't many if not most of these scams originate from India? Wouldn't it be better to stop the scammers directly?

"cyber safety"

I can actually not have a phone like I don’t need one that bad if they want to make it a nightmare. I can go back to a dial tone.

Soon in U.S.

For the safety and security of children, of course.

i thought 'india' here indicate china before i clicked in.

And this is why we need unlockable bootloaders and stuff like Graphene and LineageOs. Having only two mobile Os is very convenient until stuff like this happens.

ref: "the new tobacco"

this last year i'm seeing very concerning behavior in students in the 14-20 range. complete addiction to their phones. very deep interests in things i was completely unaware that they existed. similar to how when i started noticing anime girlfriends/waifus in 2016.

about 40% are deep in discord communities where i literally cannot figure out a single sentence of what they're talking about.

if society doesn't do something, and soon, say goodbye to the cognitive ability of a large chunk of future generations.

This is going to tie in with digital ID. Obviously the Indian government has never been corrupt or abusive.

These things are more a factor of aggregate risk handling. As an example, if you have tuberculosis it is possible even in the US for the country to mandate that a doctor watch you take the treatment. Totalitarian? Authoritarian? A tool that could be used to force someone to have to show up to where a state-controlled authority could confirm that they are? Yes, all of these things could be words you could assign to that.

But societal combined risk is commonly handled in this way. In the US, if you employ someone you have to report that you paid them to a central federal government. Way to track someone? Surveillance state? All words you could use.

And the government previously restricted gambling and so on. The question isn't "why would a bad government do these things?". The question is "would a benevolent government do these things?" and "if so, why?". And the answer is quite straightforward, I think:

Someone in the government has observed that there is a great deal of cyber crime in India. A fairly uneducated population, with very high smart-phone penetration (85%+ apparently), and a large number of fraudulent actors that their federal government is unable to enforce against. So they're attempting to attack the problem where they can.

This is ultimately India. They don't need insidious "app on your phone" / stingray / any other sophisticated solution. The local politicians can manipulate local authorities to get your cell tower association data and SMS. And if they want your comms devices they will rubber-hose the secrets out of you.

Someone I know worked at a big FAANG. He's Indian so went back to Bangalore to see his ailing mother. One day he took an auto-rickshaw while wearing his FAANG sweatshirt. The driver took him to a makeshift jail where he, police officers, and a magistrate conspired to threaten the guy with prison unless he paid $10k. $10k is nothing to a FAANG engineer, so he paid up, was brought in front of court on some lesser charges and then had to pay a small fine (much less than $10k). And then he flew back to the West Coast and never returned to India. Trying to reason about this kind of place using the perspective of the West is meaningless.

I think it unlikely they're trying to use this as cyber-surveillance. India simply does not have the infrastructure necessary to do that at scale. And they have the infrastructure for the rubber-hose, and Indians wear their identification on their sleeve, so to speak. Names point to ethnic groups and castes. Primarily endogamous marriage means if you want to perform violence against groups you can simply spread out from one member of the family unit being visibly of that group.

Using an app to get access to someone's data there is sort of like using Heartbleed to get root on a machine on which you are in /etc/sudoers with NOPASSWD.

Honestly shocked it took this long for governments to start doing this; it seemed inevitable that governments would want all the data private entities have been enjoying.

More and more it seems like the benefits of being connected are not worth the cost of being so visible to so many hostile (state and non-state) actors

What should have happened is that they should have forced mobile vendors to allow users to uninstall all apps. What actually happened is that they are asking for their app to be installed as well, sigh.

Google, the phone manufacturer and now the state running bloatware on my phone. I will have three dialers, calendars, etc. All of them uninstallable

the good news is that I'm personally on my last few years online. I don't think there's anything really worthwhile in this space to do as a contributor or even as a consumer

When the hell do we start to build these products here again like it was just 20 years ago? And let's stop with "it's too expensive here...". For God's sake, these are products we use every minute of our lives.

Enough is enough...

If the app requires an on device backdoor, Apple won’t likely cave to it. If it’s sandboxed, the amount of things it can do is limited to tracking user location, given Apple also disabled turning off location sharing

I assume that in the US, the major manufacturers of phones and their operating systems already have backdoors for national security reasons. I think back to the past leaks from Snowden regarding the PRISM program. That program specifically included Google and Apple cooperating with the government under the FISA Amendments Act of 2008.

So while this state-owned cyber safety app is authoritarian, I wonder if it reflects just the most practical way India’s government can achieve the same things that the US has.

Sovereign tech stacks matter

Without domestic silicon or OS, you're forced to mandate bloatware that users can see

Real power operates at the silicon/firmware level, invisible, unremovable, and uncompromisable

This is a cringe move from India

https://www.centerforcybersecuritypolicy.org/insights-and-re...

[dead]

[dead]

[dead]

[dead]

[dead]

[flagged]