India's government has ordered smartphone makers to install a mandatory, state-run cybersecurity application on all new devices sold in the country, a move that has triggered alarm among privacy advocates and set up a potential clash with Apple and other global manufacturers. The directive, issued confidentially by India's telecommunications department, requires the Sanchar Saathi security tool to be preloaded and prevents users from removing it-a mandate critics say raises serious questions about consent and digital surveillance.
The order arrives as India attempts to confront a surge in digital fraud and handset-related crime. Officials argue the app is necessary to prevent the misuse of stolen mobile phones and to strengthen national oversight of devices circulating across the country's vast 1.2-billion-user telecom market. The application has already played a substantial role in tracking and disabling missing devices, according to government data.
Manufacturers have been given three months to comply. The directive, dated Nov. 28 and reviewed by Reuters, states that Sanchar Saathi must be installed on all forthcoming smartphone models before they reach store shelves. For phones already in distribution channels, companies must deploy the tool through over-the-air updates. The instruction was not made public and was circulated only to select handset makers.
Apple, Samsung, Xiaomi, Oppo and Vivo are among the companies required to meet the obligation. Apple is expected to push back, according to people familiar with its policy, as the company prohibits "the pre-sale embedding of any government-supplied or external application on a mobile telephone." The company has previously resisted efforts by Indian regulators to force the installation of an anti-spam app. Tarun Pathak, research head at Counterpoint, said, "Apple has historically refused such requests from governments," adding that the company is likely to pursue a negotiated alternative, potentially seeking a system that "might negotiate and ask for an option to nudge users towards installing the app."
Privacy groups say the new rule oversteps. Technology lawyer and internet-rights advocate Mishi Choudhary said the requirement means "the government effectively removes user consent as a meaningful choice." Critics have compared the policy to Russia's mandate forcing manufacturers to preload the MAX communication app, a measure that faced backlash earlier this year.
Indian officials are defending the program by pointing to its recent success in retrieving lost devices and shutting down fraudulent mobile lines. The system, which became operational in January, has helped locate more than 700,000 missing handsets, including 50,000 in October alone. Authorities say the app's ability to disable stolen phones across all networks helps suppress gray-market trafficking and protects consumers from identity fraud tied to illicit handset usage.
Central to the government's argument is the rising misuse of manipulated International Mobile Equipment Identity numbers, or IMEIs. These 14- to 17-digit identifiers allow operators to cut service to stolen devices, but cloned or altered IMEIs have contributed to rising scams. Officials describe this trend as a "serious endangerment" to communications security and say unified enforcement through the Sanchar Saathi platform is needed to block illegitimate connections.
Since its launch, the app has accumulated more than five million downloads and has been used to disable over 3.7 million stolen or missing phones. It has also enabled the termination of more than 30 million unauthorized mobile connections registered under falsified or duplicated identities. Supporters argue that the tool is essential for law enforcement and reduces the circulation of counterfeit devices.
