The mandate, which also calls for the app to remain permanently enabled and be pushed to devices already in the distribution chain via software updates, was later publicly confirmed by India’s telecom ministry. Officials framed the requirement as an essential step to combat cyber fraud, phone theft, and misuse enabled by cloned or spoofed IMEI numbers. The ministry noted that India’s large second-hand device market has made such vulnerabilities increasingly consequential.
Yet the move swiftly ignited privacy and surveillance concerns. Opposition leaders and civil-liberties advocates warned that forcing a government-controlled app onto every device could create pathways for unwanted monitoring of more than 700 million smartphone users. Congress Party leader K.C. Venugopal stated on X that “Big Brother cannot watch us,” calling for an immediate rollback.
Inside the industry, resistance is taking shape. Two sources familiar with Apple’s internal discussions said the company will inform the government that complying with such a mandate conflicts with its global privacy and security standards. Apple, they noted, does not permit governments to preinstall or enforce system-level apps that could undermine iOS security architecture. One source described the directive as “not just a sledgehammer, but a double-barrel gun,” underscoring the depth of the company’s concerns.
Apple is not expected to mount a public or legal challenge—despite already facing a high-stakes antitrust battle in India in which it has warned it could be exposed to fines of up to $38 billion. Instead, it plans to quietly argue that the requirement introduces unacceptable vulnerabilities and cannot be implemented on its devices.
Other major manufacturers, including Samsung, are still reviewing the order, according to another industry insider. Several companies were reportedly blindsided by the directive, which they say arrived without the usual industry consultation.
The dispute highlights the contrasting philosophies behind mobile operating systems: Apple’s tightly controlled iOS environment, central to its lucrative services division, versus the more flexible Android ecosystem used by brands such as Samsung and Xiaomi. While Android makers may, in theory, have more leeway to incorporate mandated software, concerns about user autonomy and long-term security remain industry-wide.
As the 90-day clock advances, both the political and technological stakes continue to rise, positioning India’s cybersecurity ambitions against the global tech sector’s longstanding privacy principles. The coming weeks may determine whether the two can find common ground—or whether the mandate becomes a new flashpoint in the relationship between New Delhi and Silicon Valley.