Yes, China is spying on India through different mobile apps that many of the Chinese mobile phone manufacturers offer on the phones they sell in India. It's easy to anticipate how the Chinese government would have reacted if such malicious applications were sourced from Indian mobile phone companies operating in China. It's another matter that there are no Indian phone makers that sell phones in China but assuming there were a few of them selling their phones there with malware designed to spy on Chinese citizens, the immediate outcome would have been a ban on all Indian phone manufacturers right away.
That would have been the standard reaction of a paranoid communist establishment which doesn't understand democracy. So, getting back to the largest democracy on planet earth, we have some interesting instances of how our government handled spying in India by China through mobile apps. In late November 2017, the Information Technology Cell of the CRPF (Central Reserve Police Force) issued an advisory to all its formations to avoid 42 mobile phone applications as these contain malware and spyware that eventually send data to servers in China or those that are controlled by Chinese stakeholders outside China.
A few years ago, Redmi, a Chinese phone maker reportedly sent data of Indian Air Force personnel to a few servers in China and it triggered an immediate reaction from the Indian Air Force which asked its staff not to use phones of certain Chinese manufacturers, like Xiaomi. Similarly, the CRPF Directorate had also directed its staff to follow certain guidelines on what phone makes and which apps to avoid. Apps like Weibo, Wechat, Shareit, Truecaller and Newsdog have been identified as malware or spyware on the basis of circumstantial evidence of their illegal and unlawful activities. It's remarkable that no blanket ban on Chinese phone companies was recommended either by the security forces or the government which is a testament to India's democratic traditions.