India’s telecom ministry has ordered major smartphone manufacturers to install a non-removable, state-owned cybersecurity app on all new devices sold in the country, a move critics describe as a “disturbing expansion of executive control over personal digital devices.”
The directive, issued on November 28 to major companies including Apple, Samsung, Xiaomi, Oppo, and Vivo, requires compliance within 90 days. The app, named Sanchar Saathi, must be preloaded onto new phones, and users will not be able to delete or disable it. For devices already in manufacturing or in the supply chain, manufacturers are instructed to push the app through software updates.
This initiative aims to combat cybercrime and prevent the fraudulent use of stolen phones but has raised concerns among global device makers, particularly Apple, which has previously faced scrutiny from Indian regulators regarding mandatory government applications.
The mandate is issued under the Telecommunication (Telecom Cyber Security) Rules, 2024, which were amended in October 2025, regulating issues such as IMEI number tampering and obligating manufacturers and importers of telecom equipment to comply with government requests in cases of altered identifiers. The Department of Telecommunications (DoT) emphasizes that the Sanchar Saathi platform allows users to verify mobile device authenticity, report fraud, and assist authorities in tracing stolen or compromised devices.
India is joining a growing list of countries, including Russia, that have mandated preloaded apps as part of their cybersecurity strategies. However, the requirement raises significant privacy concerns for both advocates and technology firms. The DoT justifies this mandate by stating that “mobile handsets bearing duplicate or spoofed IMEIs seriously threaten telecom cybersecurity.”
According to the order, every new mobile handset made or imported for use in India must have the Sanchar Saathi app installed, visible and accessible during the initial setup. Manufacturers must submit compliance reports within 120 days, with non-compliance potentially leading to repercussions under the Telecommunications Act of 2023 and other relevant laws.
The order, which takes immediate effect, could escalate tensions between the government and companies like Apple, which have resisted the implementation of government-backed apps due to privacy and security concerns.
The Internet Freedom Foundation (IFF) has expressed strong opposition to the directive, calling it “a worrying expansion of executive control over personal digital devices.” They argue that it effectively transforms every smartphone sold in India into a platform for undeletable state software that users cannot control. The IFF warns that this kind of mandate likely requires the app to function with system-level privileges, which can compromise user data protection.
In a notable reference, the IFF cited the Supreme Court’s K.S. Puttaswamy (2017) judgment on privacy, arguing that the new mandate does not meet the proportionality requirements for an intrusion into fundamental rights. They assert that compelling a permanent installation for an infrequent verification function exemplifies disproportionate government action, especially when less invasive tools for IMEI verification are already available.
Furthermore, the IFF raised concerns about potential “function creep,” pointing out that the vague language in the directive could allow for an expansion of the app’s capabilities beyond just IMEI checks. They expressed apprehension that the app could later be utilized for broader surveillance activities.
The IFF announced plans to file a Right to Information request to obtain the full order and the government’s rationale for its issuance, stating their commitment to challenge this directive until it is rescinded.
Tags: India directs Apple, Samsung, Xiaomi and others to preload non-removable state cybersecurity app Extract 5 SEO-friendly keywords as tags. Output only keywords, comma separated.
Hashtags: #India #directs #Apple #Samsung #Xiaomi #preload #nonremovable #state #cybersecurity #app
