India orders all new smartphones to pre-install state-owned cybersecurity app 'Sanchar Saathi'

Highlights:

India has introduced a major new rule requiring all new smartphones to come pre-loaded with the government-run Sanchar Saathi cybersecurity app. The order was passed last week and made public on Monday (1). Smartphone makers have 90 days to comply, and the government says the app’s “functionalities cannot be disabled or restricted.” This move affects one of the world’s largest mobile markets, with over 1.2 billion users.

Officials say the app is meant to help people verify if their phone is genuine and to report suspected misuse of telecom services. But cybersecurity experts argue that the policy crosses major privacy boundaries and undermines user choice.

Criticism over privacy and data access

The app’s privacy policy states that it can make and manage calls, send messages, access logs, photos, files, and use the phone’s camera. Advocacy group Internet Freedom Foundation expressed strong concerns, saying, “In plain terms, this converts every smartphone sold in India into a vessel for state-mandated software that the user cannot meaningfully refuse, control, or remove.”

Despite the backlash, India’s minister of communications Jyotiradtiya Scindia insisted that the app is optional. He wrote on X, “This is a completely voluntary and democratic system - users may choose to activate the app and avail its benefits, or if they do not wish to, they can easily delete it from their phone at any time.”

However, critics point out that this assurance conflicts with the rule stating that the app cannot be disabled or restricted. The government has not explained how users would delete it under those conditions.

What Sanchar Saathi does

Launched in January, Sanchar Saathi allows users to check a phone’s IMEI number, report lost or stolen devices, and flag potential fraud. An IMEI is the unique 15-digit code that identifies a device on mobile networks. The government says fake or duplicate IMEI numbers pose a “serious endangerment” to telecom cybersecurity and contribute to a growing second-hand market where stolen phones may be resold, making buyers “an abetter in crime.”

The order requires the app to be clearly visible during setup. Manufacturers are also asked to try to install the app through software updates on unsold devices already produced. Companies must provide compliance reports within 120 days.

Industry pushback and global context

Experts argue that the app’s broad permissions allow deep access into a user’s device and could open the door to surveillance. Technology analyst Prasanto K Roy said, “We can't see exactly what it's doing, but we can see that it's asking for a great deal of permissions - potential access to just about everything from flashlight to camera. This is itself worrying.”

Compliance may also clash with corporate policies. “Most companies prohibit installation of any government or third-party app before the sale of a smartphone,” Roy added.

Apple, which holds around 4.5 per cent of India’s 735 million smartphones, has reportedly told Reuters it does not intend to comply and will raise concerns with the government.

India’s move follows similar actions elsewhere. In August, Russia ordered all phones and tablets sold there to come pre-installed with the state-backed MAX messenger app, sparking similar fears.