India Mandates Cyber Safety App on All New Smartphones: A Privacy Concern

Tue Dec 02 2025 13:37:43 GMT+0200 (Eastern European Standard Time)

The Indian government requires all new smartphones to come pre-loaded with a non-removable cybersecurity app, raising alarms over privacy and government surveillance.

Recently, the Indian government mandated that all new smartphones must include a state-run cybersecurity app, 'Sanchar Saathi', which cannot be disabled or removed. This move, aimed at enhancing telecom security and user identification, has sparked significant privacy concerns among experts. Critics argue that the app infringes on users' privacy rights and turns smartphones into tools for state surveillance, as compliance from major brands like Apple seems uncertain. The app's sweeping permissions have intensified calls for scrutiny over user data protection.

India has ordered all new smartphones to come pre-loaded with a non-removable, state-run cybersecurity app, sparking privacy concerns.

Under the order - passed last week but made public on Monday - smartphone makers have 90 days to ensure all new devices come with the government's Sanchar Saathi app.

This is deemed necessary to help citizens verify the authenticity of a handset and report suspected misuse of telecom resources. However, in one of the world's largest phone markets, with over 1.2 billion mobile users, cyber experts have criticized the move for breaching citizens' right to privacy.

Launched in January, the Sanchar Saathi app allows users to check a device's IMEI (International Mobile Equipment Identity), which is essential for identifying and authenticating mobile devices on cellular networks. The app also enables users to report lost or stolen phones and flag suspected fraud communications.

India's Department of Telecommunications stated that mobile handsets with duplicate or spoofed IMEI numbers pose serious endangerments to cyber security, referencing the significant second-hand mobile device market and the risk of stolen or blacklisted devices being resold.

Under the new regulations, the pre-installed app must be readily visible and accessible to users at setup, and its functionalities cannot be disabled or restricted. Compliance reports are required from companies within 120 days.

While the government argues the app will bolster telecom security, privacy advocates worry about the app's extensive permissions, which may lead to unconsented data collection and surveillance. Critiques highlight that the inability to disable the app compromises the usual safeguards that prevent data access between different applications.

Gathering significant scrutiny, the board from the Internet Freedom Foundation has stressed that this regulation turns every smartphone into a controlled device subject to state monitoring.

Technology analysts have also pointed out the compliance challenges with this directive, especially for companies like Apple, which historically opposes pre-installing government applications. Reports indicate Apple intends to refuse compliance and address its concerns with Indian authorities.

This trend towards mandatory app installations is not limited to India; similar regulations were implemented in Russia, raising further privacy and surveillance issues.