Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
India has ordered all new smartphones to come pre-installed with an immovable state-run cybersecurity app, raising privacy concerns.
Under the order passed last week but announced on Monday, smartphone manufacturers have 90 days to ensure that all new devices come with the government’s Sanchar Saathi app.
It said this was necessary to help citizens verify the authenticity of mobile phones and report suspected misuse of telecommunications resources.
The move, which comes in one of the world’s largest mobile phone markets with more than 1.2 billion mobile users, was criticized by cyber experts who said it violated citizens’ privacy rights.
Launched in January, the Sanchar Saathi app allows users to check a device’s IMEI, report a lost or stolen phone, and flag suspected fraudulent communications.
IMEI (International Mobile Equipment Identity) is a unique 15-digit code used to identify and authenticate mobile devices on cellular networks. This code is essentially the phone’s serial number.
India’s Ministry of Telecommunications said in a statement that mobile phones with duplicate or forged IMEI numbers pose a “serious hazard” to the security of telecom networks.
“India has a large market for second-hand mobile devices. Situations of stolen or blacklisted devices have also been observed being resold,” the report said, adding that this makes buyers “criminals and causes them financial losses”.
Under the new rules, pre-installed apps must be “readily visible and accessible” when users set up their devices, and their functionality cannot be disabled or restricted.
Smartphone makers must also “work hard” to make the app available through software updates for devices that have shipped but not yet been sold, the statement said.
All companies are required to provide compliance reports for the order within 120 days.
The government said the move would strengthen telecommunications network security. Citing official data, Reuters said the app has helped recover more than 700,000 lost phones, including 50,000 in October alone.
But experts say the app’s broad permissions raise concerns about how much data it can collect, broadening the scope of surveillance.
“Simply put, this turns every smartphone sold in India into a container for state-mandated software that users cannot meaningfully deny, control, or remove,” the Internet Freedom Foundation, an advocacy group, said in a statement.
The group said the design makes it impossible to disable apps and weakens protections that typically prevent one app from accessing another app’s data.
This effectively turns the app into “a permanent, involuntary access point in the operating system of every Indian smartphone user,” it added.
Technology analyst and author Prasanto K Roy said the bigger concern is the extent to which apps will ultimately be allowed access on the phone.
“We can’t see exactly what it’s doing, but we can see that it’s asking for a lot of permissions – potentially accessing pretty much everything from flashlights to cameras. That in itself is worrying,” he told the BBC.
On Google’s Play Store, the app says it doesn’t collect or share any user data. The BBC has contacted Telecoms to inquire about the app and the privacy concerns associated with it.
Roy added that compliance will be difficult because the order goes against the policies of most phone manufacturers, including Apple.
“Most companies prohibit the installation of any government or third-party apps before selling a smartphone,” he said.
According to Counterpoint Research, although the Indian smartphone market is dominated by Android, an estimated 4.5% of India’s 735 million smartphones will be powered by Apple’s iOS system by mid-2025.
“Apple has a history of resisting such requests from governments,” Counterpoint research director Tarun Pathak told Reuters.
Apple has not commented publicly, but Reuters reported that the company does not plan to comply with the rule and “will express its concerns to Delhi.”
India is not the only country tightening device verification rules.
In August, Russia ordered all phones and tablets sold in the country to come pre-installed with the state-backed MAX Messenger app, raising similar privacy and surveillance concerns.
Follow BBC India News Instagram, Youtube, twitter and Facebook.
