India Orders Smartphone Makers to Pre-Install Cyber Safety App, Triggering Privacy Concerns

The Indian government has introduced a new requirement that all newly manufactured smartphones must come pre-loaded with a state-run cybersecurity application called Sanchar Saathi. The directive, issued last week and made public on Monday, gives device makers ninety days to comply. According to the order, the app’s core functions cannot be disabled or restricted, and it must be easy for users to access when setting up their phones. The government argues the app will help citizens verify whether their handsets are genuine and allow them to report potential misuse of telecom services.

A Growing Debate Over Privacy

India is home to one of the world’s largest smartphone markets, with more than 1.2 billion mobile users. With such a massive user base, the mandate has sparked immediate criticism from cyber experts and digital rights advocates. They warn that the app’s extensive permissions raise questions about privacy and the potential for increased surveillance. Under its current policy, Sanchar Saathi can manage calls, send messages, access call and message logs, view photos and files and use the phone’s camera. Advocacy group Internet Freedom Foundation said the move effectively turns every smartphone sold in India into a device with compulsory state software that users cannot meaningfully reject or control.

Government Seeks to Reassure Users

In response to mounting concern, India’s Minister of Communications Jyotiraditya Scindia issued a clarification. He said users would be free to delete the app from their phones if they did not wish to use it. He described the system as voluntary and democratic. However, he did not explain how users would be able to remove Sanchar Saathi if its functions are not supposed to be disabled. This lack of clarity continues to fuel doubts among privacy experts and technology analysts.

What the App Is Designed to Do

Sanchar Saathi was launched in January as a tool intended to help the public protect themselves from phone fraud. It allows users to check a device’s IMEI number, report lost or stolen phones, and flag suspicious communications. The IMEI, a unique fifteen-digit identifier, acts as a phone’s serial number on mobile networks. The Department of Telecommunications says duplicated or spoofed IMEI numbers pose serious risks to cybersecurity. Officials also highlighted the large second-hand phone market in India and the resale of stolen phones as key reasons for requiring the app. They argue that giving buyers a tool to verify devices will reduce fraud and financial losses.

Industry Resistance and Compliance Challenges

The directive states that smartphone manufacturers must also try to install the app via software updates for unsold devices already produced. All companies must file compliance reports within 120 days. Yet experts say the order presents major challenges for global handset makers. Many companies have strict internal policies that prohibit installing government mandated apps before a phone is sold. Technology analyst Prasanto K Roy says most major brands, including Apple, do not allow such installations except in countries like China and Russia. Apple has not released an official statement, but reports suggest the company does not intend to comply and will communicate its concerns to the Indian government.

Surveillance Concerns and Global Context

Although the app states on Google’s Play Store that it does not collect or share personal data, analysts worry about the extent of the permissions it requests. They say it is not yet clear how much information the app can access or how it may evolve in the future. India is not alone in tightening rules related to mobile device verification. In August, Russia introduced a similar requirement forcing phones sold in the country to include a state backed messaging app, prompting nearly identical debates about surveillance and user freedom.