India has ordered all new smartphones to be preloaded with a government cybersecurity app, raising concerns about privacy and surveillance.
Under the order, passed last week but announced on Monday, smartphone manufacturers have 90 days to ensure that all new devices include the government’s communication companion app, whose “functions cannot be disabled or interrupted.”
They say this is necessary to help citizens verify the authenticity of handsets and report misuse of telecom resources.
The move—which comes in one of the world’s largest phone markets, with more than 1.2 billion mobile users—has been criticized by cyber experts, who say it violates citizens’ right to privacy.
Under the app’s privacy policy, it can make and manage phone calls, send messages, and access call and message logs, photos and files, as well as the phone’s camera.
Advocacy group Internet Freedom Foundation said in a statement, “Simply put, this turns every smartphone sold in India into a repository of state-mandated software that the user cannot rightfully refuse, control, or remove.”
Amid growing criticism, India’s Communications Minister Jyotiraditya Scindia clarified that mobile phone users will have the option to delete the app if they no longer wish to use it. He wrote on X, “This is a completely voluntary and democratic system—users can activate the app and enjoy its benefits, or if they don’t want to, they can easily delete it from their phone at any time.”
However, the minister did not specify how this would be done if the app’s functions could not be disabled or restricted. Launched in January, the Sanchar Saathi app allows users to check the IMEI of a device, report lost or stolen phones, and flag suspected fraudulent communications.
IMEI – International Mobile Equipment Identity—is a unique 15-digit code that identifies and authenticates mobile devices on cellular networks. The code is basically the serial number of the phone. India’s Department of Telecommunications said in a statement that mobile handsets with duplicate or fake IMEI numbers pose a “serious threat” to telecom cybersecurity.
“The market for second-hand mobile devices in India is large. There have also been cases where stolen or blacklisted devices are being resold,” he said, adding that this makes the buyer “an abettor of crime” and causes them financial losses.
Under the new rules, pre-installed apps must be “readily visible and accessible” to users when they set up the device, and their functionality cannot be disabled or restricted.
The statement said smartphone manufacturers should “endeavor” to provide apps through software updates for devices that are out of factories but not yet sold. All companies have been asked to submit a compliance report on the order within 120 days.
The government says the move will strengthen telecom cybersecurity. A Reuters report, citing official figures, said the app has helped recover more than 700,000 lost phones—including 50,000 in October alone.
But experts say the app’s broad permissions raise concerns about how much data it can collect, increasing the scope of surveillance.
Technology analyst Prasanto K. Roy says the bigger concern is how much access the app will be allowed on handsets.
We can’t see exactly what it’s doing, but we can see that it’s asking for a lot of permissions—potentially access to almost everything from the flashlight to the camera. This in itself is worrying
Mr. Roy adds that compliance will be difficult, as the order goes against the policies of most handset manufacturers, including Apple. “Most companies prohibit the installation of any government or third-party apps before the sale of a smartphone,” he says.
While Android dominates India’s smartphone market, Apple’s iOS is expected to power an estimated 4.5% of the country’s 735 million smartphones by mid-2025, according to Counterpoint Research.
Apple has not commented publicly, but Reuters reports that it does not intend to comply and will “express its concerns to Delhi.” India is not the only country to tighten device verification rules.
In August, Russia mandated that all phones and tablets sold in the country come pre-installed with the state-backed MAX messenger app, raising similar privacy and surveillance concerns.
