India has introduced a new rule requiring all newly manufactured smartphones to come with a government-developed cybersecurity app already installed. The move has sparked major privacy and surveillance concerns, especially because the app’s functionalities cannot initially be disabled or restricted.
The directive, issued last week and revealed publicly on Monday, gives smartphone makers 90 days to comply. Under the order, every new device sold in India must include the Sanchar Saathi app, which the government says is essential for verifying the authenticity of phones and reporting the misuse of telecom services.
India, one of the world’s largest smartphone markets with over 1.2 billion mobile users, now faces intense criticism from digital rights groups and cybersecurity experts. They argue that the new requirement violates the right to privacy and grants the government extensive access to personal data.
What the Sanchar Saathi App Can Access
According to its privacy policy, the app can:
- Make and manage phone calls
- Send SMS messages
- Access call logs and message logs
- View photos, videos, and stored files
- Use the device’s camera
The Internet Freedom Foundation criticized the mandate, stating that it essentially turns every smartphone in India into a “tool for state-imposed software that users cannot refuse, control or uninstall.”
Government Attempts to Calm Backlash
India’s Minister of Communications, Jyotiraditya Scindia, later stated that installing the app is “voluntary” for users and that they can delete it if they wish. However, critics pointed out the contradiction, noting that the official order explicitly says the app’s functions cannot be disabled or restricted.
This contradiction has further deepened concerns about how the app will operate in practice.
Purpose of the App
Launched in January, Sanchar Saathi allows users to:
- Check a phone’s IMEI number
- Report stolen or lost devices
- Flag fraudulent calls or suspicious messages
The government argues that duplicate or spoofed IMEI numbers pose a “serious threat” to national cyber safety, especially with India’s large second-hand mobile market.
Officials claim the app has already helped recover over 700,000 lost phones, including 50,000 in a single month.
Concerns Over Surveillance and Data Collection
Cyber experts say the real issue lies in the breadth of permissions the app requests.
Technology analyst Prasanto K. Roy warned that the app’s access goes far beyond what is needed for device verification.
He noted that users cannot fully understand what the app may be doing in the background, calling the extensive permissions “deeply worrying.”
The app’s Play Store listing says it does not collect user data, but experts want clearer explanations from India’s Department of Telecommunications.
Pushback From Smartphone Manufacturers
The order may be difficult to enforce, as most smartphone brands — including Apple — do not allow pre-installation of government apps before sale, except in markets like China and Russia.
Apple, which controls about 4.5% of India’s smartphone market, has reportedly raised concerns and may not comply with the directive, according to Reuters.
Global Context
India isn’t alone in expanding government control over digital devices.
In August, Russia mandated that all phones and tablets sold in the country must come pre-installed with the state-backed MAX messenger app, sparking similar fears about surveillance.
What Happens Next
Smartphone manufacturers have 120 days to file compliance reports.
The Indian government insists the move strengthens telecom cybersecurity, while critics warn it could set a dangerous precedent for mandatory government software on personal devices.
As the debate grows, India faces a crucial balancing act between security and digital privacy, with millions of users caught in the middle.
