CERT-In has opened voluntary device checks for users who received Apple’s spyware threat notifications.

CERT-In Offers Device Checks as Apple, Google Notify Users of Spyware Threats

The420 Correspondent

The Ministry of Electronics and Information Technology (MeitY) has sent a formal notice to Apple, seeking clarification after the company issued another wave of “state-sponsored spyware” threat notifications to iPhone users worldwide, including a number in India. According to officials familiar with the matter, the government questioned Apple’s methodology and the basis of the alerts, which the company says rely on proprietary threat-detection signals.

The notification cycle began on December 2 and 3, when Apple and Google simultaneously warned select users that they may have been targeted by sophisticated spyware campaigns. These alerts—sent only when the companies believe individuals face an elevated threat from highly resourced attackers—are often associated with mercenary surveillance tools deployed by state or state-aligned actors.

CERT-In Steps In: Voluntary Device Inspections for Alerted Users

India’s cybersecurity agency, the Indian Computer Emergency Response Team (CERT-In), issued a detailed advisory soon after the notifications appeared. The agency strongly urged users to update their devices immediately and offered technical assistance to anyone who had received an alert.

“Any user who has received such notification and wishes to get their Apple devices examined are requested to reach out to CERT-In,” the advisory said, listing the email address submitmobile@cert-in.org.in for submissions.

The advisory, tagged CIAD-2025-0048, outlined Apple’s warning that attackers may have attempted to remotely compromise devices associated with users’ Apple IDs. CERT-In’s involvement suggests the government is attempting to move swiftly, balancing public reassurance with the need to understand whether Indian users are facing targeted digital intrusion.

Escalation of Spyware Threats Has Global Implications

Cybersecurity researchers say the latest round of notifications underscores the growing spread of commercial spyware, which can be purchased and deployed by both governments and private entities.

“The spread of commercial spyware weakens global and domestic cybersecurity,” said Meghna Bal, director at the Esya Centre. “Hostile actors can exploit the same vulnerabilities used by mercenary surveillance tools.”

Bal noted that while international coordination on spyware non-proliferation remains ideal, geopolitical realities make such cooperation unlikely. Instead, she argues, governments must prioritise proactive threat prevention and deepen collaboration with the private sector on threat intelligence.

A Familiar Tension Between Platform Signals and Government Skepticism

This is not the first instance in which Apple’s threat notifications have drawn official attention in India. In 2023, MeitY sought clarifications from Apple after several opposition politicians and journalists reported receiving similar alerts—raising heated debate over whether the threats were genuine or exaggerated.

Following that episode, Apple met senior officials at MeitY and CERT-In, reiterating that its alerts are driven purely by internal threat indicators and are not attributed to any specific government. The company maintains this position today, emphasising that its systems are designed to err on the side of caution when detecting anomalous activity that resembles advanced intrusion attempts.

Rising Sophistication of Attacks, Expanding Attack Surface

Cybersecurity experts say sophisticated spyware campaigns—once limited to a handful of high-value targets—are now proliferating due to the growth of commercial hacking vendors and low-friction access to exploit toolkits.

As devices integrate more sensitive data and personal communications, the stakes of such attacks have dramatically risen. India, with one of the world’s largest smartphone user bases and a rapidly digitising economy, remains an attractive target for both surveillance actors and opportunistic cybercriminals.

The latest government notice to Apple reflects an urgent need to balance transparency with accountability: ensuring that threat notifications do not cause unnecessary alarm, while also enabling rapid defensive action where risks are real.

A Broader Debate on Trust, Surveillance, and Platform Responsibility

As the lines blur between legitimate investigative tools and uncontrolled mercenary surveillance markets, security researchers argue that democratic institutions must build stronger frameworks to oversee digital intrusion capabilities.

For now, MeitY’s notice and CERT-In’s offer of voluntary device checks signal a dual approach—skepticism of platform assessments, combined with a readiness to respond to potential threats.

Whether the current episode leads to clearer protocols or renewed tension between Big Tech firms and national cybersecurity agencies remains to be seen.
