Written by Sarosh Bana.
Concerns were roused recently when Apple Inc., the world’s largest tech company, notified over two dozen Indian opposition leaders and journalists that their iPhones were being targeted by “state-sponsored attackers”.
Posting screenshots of these alerts on social media, opposition leaders, including Congress’ Mallikarjun Kharge, K.C. Venugopal and Shashi Tharoor, Trinamool Congress’ Mahua Moitra, UBT Shiv Sena’s Priyanka Chaturvedi, AAP’s Raghav Chadha, Samajwadi Party’s Akhilesh Yadav, and Sitaram Yechury of Communist Party of India (Marxist), accused the government of snooping on them.
All the recipients are known critics of the government and have been among those similarly targeted on previous occasions.
Cupertino-headquartered Apple cautioned: “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID.” The tech giant has raised such warnings on occasion across 150 countries after it incorporated an alert function in its phones in 2021.
In a statement released in August, Apple explained that state-sponsored attacks target users individually because of who they are or what they do. “Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which make these attacks much harder to detect and prevent,” the company clarified. “State-sponsored attacks are highly complex, cost millions of dollars to develop and often have a short shelf life; the vast majority of users will never be targeted by such attacks.”
Apple added that upon discovering “activity consistent with a state-sponsored attack”, it notifies the targeted users through a ‘threat notification’ displayed at the top of the page after the user has signed in to ‘appleid.apple.com’, as also at the email addresses and phone numbers linked to the users’ Apple IDs. “These notifications will provide additional steps that notified users can take to help protect their devices, including enabling Lockdown Mode,” the statement indicated.
According to Apple, state-sponsored attacks can be detected on the basis of threat intelligence signals “that are often imperfect and incomplete”. “It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected,” it maintained. “We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future.”
The BJP government and its affiliates on social media ascribed the Apple alert to an ‘algorithm malfunction’, but Apple discounted this, affirming they appeared to be state-sponsored targeted attempts that were not large-scale harvesting of data as private and individual hackers tend to do. Minister of Electronics and Information Technology (eitY) Ashwini Vaishnaw cited Apple’s claim that the notifications were sent to as many as 150 countries, but the company said its alerts were sent over the past few years.
The opposition alleged ‘Snoopgate’, and in a social media post, Chaturvedi wrote: “As per [weekly news magazine]India Today, government sources are claiming malware attack and Apple algorithm malfunction led to these messages. Funny that only opposition got the memo of surveillance, even the algorithm was selective in its choice! What a joke of an excuse!”
Describing the Opposition claims of snooping as “vague”, the Ministry of eitY (MeitY) sent a notice to Apple on the controversy. It was besides reported that the Parliamentary Standing Committee on Information Technology proposed to summon Apple representatives to ascertain their views. The Ministry, however, urged the iPhone manufacturer to cooperate with the inquiry initiated by the Indian Computer Emergency Response Team (CERT-IN).
With the government pursuing its Digital India campaign that it had launched in July 2015 “to ensure that the government’s services are made available to citizens electronically through improved online infrastructure and by increasing internet connectivity or making the country digitally empowered in the field of technology”, the risk of personal data being publicly available for misuse has been a constant concern.
The new Digital Personal Data Protection Act, 2023, empowers the government to seek information from firms and issue directions to block content on the advice of a data protection board appointed by it. The statute besides exempts state agencies from its provisions.
For most online transactions and bookings, people are obliged to share their personal information as a matter of routine, and any exposure of such information can breach an individual’s basic right to privacy.
According to PRS Legislative Research, an independent non-profit research institute that seeks to “make the Indian legislative process better informed, more transparent and participatory”, exemptions to data processing by the State on grounds such as national security may lead to data collection, processing, and retention beyond what is necessary, and may consequently violate the fundamental right to privacy.
However, India’s growing digitalisation has simultaneously proved bountiful for Apple, its CEO Tim Cook singling out the country as an “incredibly exciting market for us and a major focus of ours”. “We had an all-time revenue record in India, we grew very strong double digits,” Cook said during an earnings call. “We have low share in a large market and so it would seem that there’s a lot of headroom there.”
In high-profile events earlier this year, Cook inaugurated Apple’s first stores in India, in Mumbai and New Delhi. Apple’s regulatory filings with the Registrar of Companies for 2022-23 records 48 per cent growth in sales, to Rs49,321 crore ($5.9 billion) 76 per cent rise in net profit, to Rs2,229 crore ($269 million).
Indeed, in the first time that Apple will be developing its manufacturing process outside China, it will commence assembling the iPhone17 in India. Apple has tied up with Tata Group subsidiary Tata Electronics that became the first Indian company to enter iPhone production through its recent purchase of Wistron InfoComm Manufacturing (India). The 100 per cent acquisition was by way of a Share Purchase Agreement with SMS InfoComm (Singapore) and Wistron Hong Kong. Apple proposes to hike production more than fivefold to around $40 billion by 2027.
“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability, and that needs to change,” said Craig Federighi, Apple’s senior vice president of Software Engineering. “Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous.”