Government-Mandated Software a Looming Threat to Freedom

Trend seen around the world — and potentially in the US — opens the door to inescapable censorship and surveillance
Daniel Kahn Gillmor,
Senior Staff Technologist,
ACLU Speech, Privacy, and Technology Project
January 22, 2026


An increasing number of governments around the world are requiring that smartphones come with specific software pre-installed. The notion of government-mandated software, whether it is a separate app or a routine part of the operating system, represents a grave threat to our privacy. We use computers to organize our calendars, talk with our close friends and family, form (and break) romantic attachments, track our finances, discuss and shape our values and our thoughts, plan our political activity, and read, watch, and listen to all sorts of content, from the banal to the controversial. An app or operating system with the right privileges on a phone or other computer will have access to a tremendous amount of information about us.

Let’s be clear: an app is code which runs on your device, with potential access to sensors (like cameras, microphones, radios, and GPS), data (including its own history, on-device files, camera roll, calendar, and address book), and pretty much unfettered network connectivity. Most apps are linked to persistent identifiers and can produce streams of information that, in the wrong hands, could paint an intricate picture of the user’s life. To the extent that an app is used for communication, the developer of the app can also place limits on what can be said or written, as well as what can be heard or read.

There is certainly room for government regulation of technology, such as breaking up oligarchic control that could itself lead to censorship. But we should all push back on regulation that opens the door to inescapable censorship or surveillance.

A spectrum of government-mandated software
To American eyes, the most obvious example of this kind of mandate comes from authoritarian governments like Russia’s, which in 2025 mandated the installation of an app called Max on all smartphones sold in that country. Max aims to be an “everything” app, starting with messaging and financial transactions. It is controlled by VK, a company with deep ties to the Russian state, and other messaging apps are explicitly discouraged. A government in control of this kind of ubiquitous platform would not only have unprecedented visibility into the lives of the people using it, but also a remarkable ability to exclude someone from society by merely revoking access to such an app.

But Russia is hardly the only government to try to mandate some sort of technical control over or access to people’s communications. Indeed, the US tried to do something similar back in the 1990s by mandating a backdoored hardware encryption scheme known as the Clipper Chip, but that project was scuttled by pushback from civil society and by a growing awareness of technical deficiencies in the Clipper Chip itself. During the COVID-19 pandemic, there was discussion of mandating the use of location-tracking apps to assist with contact tracing. Such apps were developed, but were never mandated (or even voluntarily adopted by more than a few). The ACLU opposed such mandatory installations at the time as the “functional equivalent of an ankle bracelet.”

Recently, other countries have taken steps to follow Russia’s lead. Also in 2025, India mandated the pre-installation of Sanchar Saathi, a supposed “cybersecurity” app, on all smartphones sold in the country. This app has (among other things) the ability to access messages, calls, cameras, microphones, and local files, as well as to block the device if it is reported stolen. In addition to being required for installation on new phones, the mandate would even have obliged any operating system vendor active in India to install the app during standard operating system software updates. Even worse, the mandate indicated that the app “cannot be disabled or restricted.” Imagine what a government trying to suppress a political rival or a marginalized minority could do with this level of fine-grained access and control over the fabric of social interaction, commerce, and transportation.

Fortunately, the Indian mandate for installation was rolled back under pressure from civil society, the political opposition, and operating system vendors. Still, the app already has achieved widespread adoption across Indian society.

The UK authorities have been considering a mandate for operating system vendors to pre-install nudity filters, which could be used to restrict access to content in any application, based on the device’s knowledge of its user’s purported age. While this tooling wouldn’t be developed or maintained by the state itself, a state mandating this kind of control could easily extend it to implement other filters, such as blocking “extremism,” an undefined term that is ripe for abuse by those in power to suppress disfavored messages.

Similarly, in the US, some proposed state-level legislation would require device and operating system vendors to determine if a user is a minor, and emit a signal to any app or network service that might need to know. How exactly that age determination is supposed to happen, or what specific signal should be emitted is unclear, but a more concrete bill could offer detailed specifics.

Also here in the US, individual states and the federal TSA have been pushing for an increased role for digital ID systems. Depending on how these digital ID schemes are deployed, they can amount to a government mandate for the installation of a particular application, or even a government mandate for a particular choice of operating system or vendor. For example, New York State offers a digital ID app that is not available for devices that the user is fully in control of (“jailbroken” or “rooted” smartphones). California’s digital ID app has similar requirements. We’ve offered some recommendations for states considering adoption of digital IDs that would mitigate some of the most problematic aspects of the worst systems, but no states have adopted our recommendations in full.

Our recommendations include a “right to paper” (physical IDs) and an open ecosystem of digital wallet apps that is free from vendor lock-in and averts the need to install government software in the form of an official app. No government or private corporate vendor should be able to require you to carry a device at all, let alone control or monitor what happens on your device, even when interacting with a government-issued ID.

The Risk of Software Updates on Mandatory Software
One common counterargument to the concern raised here is that merely requiring a specific app or operating service to be installed doesn’t always amount to a violation of civil liberties. For example, what if all the app really does is let you show your government-issued ID in a privacy-preserving fashion whenever you decide you want to do so?

It would be great to be able to rely on these promises of purpose-limitation, but in thinking through the risks a mandated app poses to civil liberties, we need to consider the provider of the app as a potential adversary. If the user is obliged to install the app, then the user is obliged to accept updates as well, and any overreaching government agency or coordinating corporation can radically change the scope of what their app can do. What happens if the next version of the otherwise benign mandatory digital ID app suddenly contains a phone-home tracking feature requested by law enforcement?

In 2025, automated software updates are a necessary part of maintaining any computer responsibly, because virtually all software has bugs, and when bugs are discovered and fixed, you can only get the fixes with the next software update. Unfortunately, the software update channel can be used to push unwanted or malicious features on users of an app as well. We stand clearly against government abuse of the software update process. But what happens when the government is the vendor of the software being updated?

To responsibly defend against abuse of an otherwise-beneficial mandatory app via software update, you’d need a serious multi-stakeholder independent review process, including the ability of any of the reviewers to inspect, reject, and modify specific updates. This kind of work would require significant organization and funding, and in the case of disagreement or conflict between reviewers, could ultimately result in many different variants of the app being available to different users. In effect, this would break the mandate, as people would be able to choose a version of the app that doesn’t have any malicious features injected. Any such apps would effectively be free and open source software (FOSS).

But in an ideal world where we were to have those protections (including substantial resources for many reviews from different perspectives) why bother with the mandate? Just release the source code, let well-funded consumer advocates review and build what they find acceptable, and let people install, update, and remove as needed.

Explicit vs. De Facto Requirements
This raises another concern: an explicitly mandated requirement for app or software installation is clearly problematic. But what about de facto requirements, where users feel obliged to install the app, even against their own interests?

One way that users can be pressured to install an app without a formal mandate is if the app is seen as offering them substantial savings in time or money. For example, to apply for a visa to visit Australia, a foreigner has two options:

  1. Install the Australian Electronic Travel Authority (ETA) app, pay an app installation fee of AUD$20, answer a few questions in the app, apply for a visa with no fee for the visa application, and receive a response within a day or two, or
  2. Apply for a Visitor visa which requires an application fee of AUD$200, completion of a very lengthy, multipage webform, and receive a response several weeks later.

In other words, people are strongly steered towards installing the Australian government’s ETA app, even though it’s not formally required. (One question this raises: what kinds of data does the Australian government get about the applicant from the app installation, if they consider it somehow the equivalent of a dozen pages of detailed background check questions?)

Similarly, American travelers entering the USA are encouraged by the Customs and Border Patrol (CBP) to install the Mobile Passport Control app, on similar efficiency grounds. The CBP’s description of the app explicitly says that you can expect “shorter wait times in Customs” and compares its pricing (free!) to the more expensive Global Entry program. Along the same lines, many non-American visitors to the USA use the Electronic System for Travel Authorization (ESTA) system, which can currently be accessed via either a website or a mobile app. But new proposed changes reveal a plan to decommission the website and make the app the only available option if you want an ESTA.

These sorts of insidious incentives to install an app allow the government to claim that installation is voluntary while still making it an effective requirement.

Aside from practical incentives like time and money, another form of de facto requirement is a social imperative. This trades on the so-called network effect: those situations where once enough people, restaurants, and landlords have adopted an app, we all become effectively obliged to install it if we want to be in touch with our friends, or pay for lunch, or find a place to live — and thus contribute to the lock-in ourselves as well. At that point, it’s hard to argue that the app is truly voluntary. Reaching a certain level of ubiquity creates a society-scale lock-in, even for an app that is not formally mandatory. We can see this at play in China with WeChat/Weixin, which offers communications, payment, and other functionality, and is pretty much impossible to escape while living in China.

Ubiquitous Private Apps as Government Mandates
While the Chinese Weixin (owned by Tencent) and the Russian Max (owned by VK) are each ostensibly operated by private companies, the operators tightly collude with government authorities. Weixin’s policies prohibit users from “Endangering national security, divulging state secrets, subverting state power, and undermining national unity” or “Inciting illegal assembly, association, procession, demonstration or gatherings that disrupt the social order,” among many other restrictions. Max’s owner VK has a history of censoring material disliked by the Russian government.

How far away are we from this scenario in the USA? Privately-held social media like YouTube and Facebook are used by large majorities of Americans, and most social media platforms aggressively push mobile users toward the “app” experience, if they even operate a website any more. Customs and Border Patrol (CBP) are now requiring certain visitors to self-report social media handles. This effectively turns any private information gathered by private social media apps into a potential source for government surveillance, unless the platform operators aggressively resist requests for information from the government.

In addition to travel requirements, digital IDs and age assurance requirements are likely to introduce additional pressure for installation of private apps that could be subsequently misused.

Policymakers need to make it a clear goal to avoid any government requirements or pressure for people to run any sort of specific software on our devices, which have so much visibility and control over our modern lives.
