India Mandates Pre-Loading State Cybersecurity App on Smartphones

Wed Dec 03 2025 11:11:28 GMT+0200 (Eastern European Standard Time)

The Indian government has ordered that all new smartphones must come with a state-run cybersecurity app, raising concerns over user privacy and data surveillance.

In a controversial move, the Indian government has mandated that all new smartphones sold in the country must be pre-loaded with the state-run Sanchar Saathi app. This decision, effective within 90 days, aims to enhance cybersecurity but has sparked significant backlash over potential privacy infringements. Critics, including tech experts and civil rights advocates, express concerns regarding the app's extensive access to user data and its inability to be disabled by users. Despite assurances from officials that users can delete the app, ambiguities about its functions raise further questions about user autonomy and data protection.

India has ordered all new smartphones to come pre-loaded with a state-run cybersecurity app, sparking privacy and surveillance concerns.

Under the order - passed last week but made public on Monday - smartphone makers have 90 days to ensure all new devices come with the government's Sanchar Saathi app, whose 'functionalities cannot be disabled or restricted'.

It states that this is necessary to help citizens verify the authenticity of a handset and report the suspected misuse of telecom resources. The move - which comes in one of the world's largest phone markets, with more than 1.2 billion mobile users - has been criticized by cyber experts, who say it breaches citizens' right to privacy.

Under the app's privacy policy, it can make and manage phone calls, send messages, access call and message logs, photos and files, and even control the phone's camera. Advocacy groups like the Internet Freedom Foundation say that this converts every smartphone sold in India into a vessel for state-mandated software that the user cannot meaningfully refuse, control, or remove.

India's Minister of Communications, Jyotiradtiya Scindia, clarified that mobile phone users will have the option to delete this app if they do not want to use it. He stated, 'This is a completely voluntary and democratic system - users may choose to activate the app and avail its benefits, or if they do not wish to, they can easily delete it from their phone at any time.' However, the minister did not clarify how this would be accomplished if the app's functions cannot be disabled or restricted.

The Sanchar Saathi app, launched in January, allows users to check a device's IMEI, report lost or stolen phones, and flag suspected fraud communications. An IMEI - the International Mobile Equipment Identity - is a unique code identifying and authenticating a mobile device on cellular networks.

Despite government claims that the app has helped recover over 700,000 lost phones, experts remain worried about its broad permissions and implications for surveillance. They point out the difficulty of compliance, as the order contradicts policies of most handset manufacturers, including Apple, which has reportedly indicated it will not comply with the government's mandate.

Overall, while the initiative aims to enhance cybersecurity, concerns about privacy continue to loom large in the public discourse surrounding its implementation.