New Delhi: India has directed smartphone manufacturers to pre-install a permanent, non-removable government cybersecurity app ‘Sanchar Saathi’ on all new devices, a move that has triggered significant privacy concerns among experts and rights groups.
The order, issued last week and made public, gives companies 90 days to ensure that all newly manufactured or imported smartphones come with the state-run app already embedded.
Authorities argue that the requirement is essential for helping users verify device authenticity, report misuse of telecom resources, and curb the resale of stolen or blacklisted phones in a country with over 1.2 billion mobile users and a thriving second-hand device market.
Citizen-Centric Services for a Safer Mobile Experience#SancharSaathi is your trusted digital companion, offering a unified platform to protect your mobile identity. From reporting suspected fraud calls to blocking lost or stolen phones, checking mobile numbers issued in your… pic.twitter.com/Yv0dB5Ug3Z
— DoT India (@DoT_India) December 2, 2025
The Department of Telecommunications says duplicate or spoofed IMEI numbers present major cybersecurity risks and can inadvertently turn buyers into participants in criminal activity. The Sanchar Saathi app, launched in January, allows the public to check a phone’s IMEI number, report lost or stolen devices, and flag suspicious calls or messages.
IMEI numbers function like a device’s unique serial code, allowing networks to authenticate phones. The government says the app has already been used to recover more than 700,000 lost handsets, including 50,000 in October alone.
Under the new rules, Sanchar Saathi must be clearly visible during device setup and cannot be disabled, removed, or restricted. Manufacturers are also encouraged to push the app via software updates to unsold devices already produced. All companies must submit full compliance reports within 120 days.
Digital rights and privacy
However, digital rights advocates and cybersecurity experts warn that the requirement poses a serious threat to user privacy.
The Internet Freedom Foundation criticised the order, saying it effectively forces every smartphone in India to host government-mandated software that users cannot opt out of, potentially weakening protections that prevent apps from accessing each other’s data. They describe it as a ‘permanent, non-consensual point of access’ embedded deep within the operating system.
Although the Play Store listing states that Sanchar Saathi does not collect or share user data, experts say transparency remains limited. Compliance may also be challenging, as many global manufacturers, including Apple, prohibit pre-installing third-party or government apps before a device is sold.
With Apple’s iPhones accounting for around 4.5 percent of India’s smartphone base by mid-2025, the company is reportedly preparing to voice its objections to the government. Historically, Apple has resisted similar mandates in other countries.
India’s move follows a broader global trend: Russia introduced a similar rule in August, requiring all phones and tablets sold in the country to include the state-backed MAX messaging app, prompting comparable criticism over surveillance and digital control.
ALSO READ | Coupang confirms data breach impacting millions of users
