India Mandates Pre-loaded Cybersecurity App on All New Smartphones, Sparks Privacy Row

India Mandates Pre-loaded Cybersecurity App on All New Smartphones, Sparks Privacy Row

The new rules present potential compliance challenges for smartphone manufacturers, as the order runs counter to the policies of most handset-makers, including Apple.

RMN News Technology Desk
December 3, 2025

New Delhi—India has ordered that all new smartphones manufactured or imported for use in the country must come pre-loaded with the state-run cybersecurity application, Sanchar Saathi. The order, which was passed last week and made public earlier this week, requires smartphone makers to ensure the app is installed on all new devices within 90 days. The move affects one of the world’s largest phone markets, which boasts more than 1.2 billion mobile subscribers.

Government Cites Cybersecurity and Fraud Prevention

The Department of Telecommunications (DoT) issued the directions to enhance the effectiveness of the Sanchar Saathi initiative and safeguard citizens from purchasing non-genuine handsets. Launched in January, the app allows users to check a device’s International Mobile Equipment Identity (IMEI), report lost or stolen phones, and flag suspected fraud communications.

The government emphasized that mobile handsets bearing duplicate or spoofed IMEI numbers pose “serious endangerment” to telecom cyber security. Additionally, the mandate aims to curb issues in India’s large second-hand mobile device market, where stolen or blacklisted devices are re-sold, which can inadvertently make the purchaser an “abetter in crime and causes financial loss to them”. The app has reportedly been successful in the recovery of lost phones, helping to retrieve over 700,000 devices, including 50,000 in October alone.

Under the new order, the pre-installed app must be “readily visible and accessible” to users during the device setup, and its functionalities cannot be disabled or restricted. Manufacturers and importers must also “make an endeavour” to provide the app through software updates for devices that are already out of factories but have not yet been sold. Companies have been given 120 days to provide compliance reports on the order.

Privacy and Surveillance Concerns

While the DoT frames the order as necessary for securing mobile handsets and curbing cyber frauds, the mandate has been heavily criticized by cyber experts who assert that it breaches citizens’ right to privacy.
Analysts pointed to the app’s broad permissions, which include the ability to make and manage phone calls, send messages, and access call logs, message logs, photos, files, and the phone’s camera.

Amid the criticism, India’s Minister of Communications Jyotiradtiya Scindia offered a clarification, writing on X that the system is “completely voluntary and democratic,” and that users may easily delete the app if they do not wish to use it. However, the minister did not clarify how a user could delete or restrict the app when the government’s order explicitly states that its functions “cannot be disabled or restricted”.

Compliance Challenges for Manufacturers

The new rules present potential compliance challenges for smartphone manufacturers, as the order runs counter to the policies of most handset-makers, including Apple. Most companies prohibit the pre-installation of any government or third-party app before the sale of a smartphone, except in places like China and Russia.

While the Indian smartphone market is dominated by Android, Apple’s iOS powered an estimated 4.5% of the 735 million smartphones in the country by mid-2025. Reuters reports that Apple does not intend to comply with the order and plans to “convey its concerns to Delhi”.

India is not the only nation tightening rules on device verification; Russia issued a similar order in August for mandatory pre-installation of a state-backed messenger app on all phones and tablets, sparking comparable privacy and surveillance concerns.