India orders all new smartphones to ship with cybersecurity app

India has mandated that all new smartphones come pre-installed with the government’s Sanchar Saathi cybersecurity app, triggering widespread criticism from digital rights groups and industry experts.

The order, issued last week and made public on December 1, gives manufacturers 90 days to comply and states that the app’s “functionalities cannot be disabled or restricted," according to BBC. 

Authorities say the requirement is meant to help users verify handset authenticity and report telecom fraud, in a market with more than 1.2 billion mobile users. The Department of Telecommunications argues that duplicate or spoofed IMEI numbers pose “serious endangerment” to telecom cybersecurity, especially as stolen and blacklisted devices are resold in India’s large second-hand phone market.

But cyber experts warn that the app’s extensive permissions — including access to calls, messages, logs, files, photos and the device camera — pose major privacy risks.

“In plain terms, this converts every smartphone sold in India into a vessel for state mandated software that the user cannot meaningfully refuse, control, or remove,” the Internet Freedom Foundation said.

Amid growing backlash, Communications Minister Jyotiraditya Scindia insisted the system remains voluntary. 

“Users may choose to activate the app and avail its benefits, or if they do not wish to, they can easily delete it from their phone at any time,” he wrote on X.

However, he did not clarify how deletion would work under rules stating the app cannot be disabled or restricted.

Launched in January, Sanchar Saathi allows users to check IMEI numbers, report stolen phones and flag fraudulent communications. The government says the app has helped recover more than 700,000 lost devices, including 50,000 in October alone, according to figures cited by Reuters.

Still, analysts say the app’s broad access raises the potential for surveillance.

“We can’t see exactly what it’s doing, but we can see that it’s asking for a great deal of permissions — potential access to just about everything from flashlight to camera. This is itself worrying,” technology analyst Prasanto K Roy told the BBC.

Compliance may also prove difficult for manufacturers.

“Most companies prohibit installation of any government or third-party app before the sale of a smartphone,” Roy noted. 

By Sabina Mammadli