Indian govt asserts that Apple users should self-complacently report any breaches, considering Apple’s threat notifications.

In the late 2023, Apple sent threat notifications to several Opposition MPs and journalists, causing political controversy and prompting the government to notify Apple, involve CERT-In, and seek clarification

Apple’s recent spyware attack threat notifications sent to a few Indian politicians and activists, the Ministry of Electronics and Information Technology (MeitY) may not notify Apple. Instead, the ministry believes that citizens must prove any breach and recommends such victims submit their phones for checking by the Indian Computer Emergency Response Team. In November 2023, a similar threat notification was sent to several Opposition MPs and journalists, which sparked a political firestorm with the opposition accusing the government of spying. The government denied the charges, sent a notice to Apple, and sought clarification. CERT-In was involved in investigating these claims. The investigation stage remains unclear despite Apple officials meeting government officials in December 2023.

The recent recipients of Apple’s threat notifications include Congress’ KC Venugopal, Iltija Mufti (media adviser and daughter of former Jammu and Kashmir chief minister Mehbooba Mufti), and Pushparaj Deshpande (founder of Samruddha Bharat Foundation), among others. Users in 97 other countries also received similar notifications. People can get their phones checked by CERT-In to see if such an attack or breach has happened or not.” However, an earlier recipient of such a threat notification expressed wariness about submitting their phone to the government for inspection. They noted that governments use spyware like Pegasus. In an email sent to potential victims on July 10, Apple stated, “Mercenary spyware attacks, such as those using Pegasus from the NSO Group, are sporadic and vastly more sophisticated than regular cybercriminal activity or consumer malware.”