India Mandates Cybersecurity App on New Smartphones, Raising Privacy Concerns

Wed Dec 03 2025 16:19:27 GMT+0200 (Eastern European Standard Time)

In a controversial move, the Indian government requires that all new smartphones come pre-loaded with a state-run cybersecurity app, leading to backlash from citizens and experts over privacy rights.

The Indian government has ordered smartphone manufacturers to install a state-run app, Sanchar Saathi, on all new devices. This requirement has triggered concern regarding privacy and surveillance, as the app possesses vast permissions that enable it to access personal information. Although officials claim that users can delete the app, questions remain about its mandatory functionalities. As the Indian market continues to grow, the mandate becomes a focal point of debate over data privacy in technology.

India has ordered all new smartphones to come pre-loaded with a state-run cybersecurity app, sparking privacy and surveillance concerns.

Under the order - passed last week but made public on Monday - smartphone makers have 90 days to ensure all new devices come with the government's Sanchar Saathi app, whose functionalities cannot be disabled or restricted.

This initiative aims to help citizens verify the authenticity of a handset and report suspected misuse of telecom resources.

Critics, including cyber experts, argue that this move infringes on citizens' right to privacy.

The app's privacy policy allows it to access call logs, messages, photos, files, and even control the phone's camera. Advocacy groups have raised alarms that the app transforms every smartphone into a platform for state-mandated software.

India's Minister of Communications has stated that while the app's installation is ostensibly voluntary, the assurances regarding its removal are unclear given its unremovable functionality.

The Sanchar Saathi app, launched earlier this year, is intended to assist users in checking a device's IMEI, reporting lost or stolen phones, and flagging fraudulent communications.

The government asserts that this mandate will strengthen cybersecurity against threats posed by fake or duplicate devices, particularly in India's bustling second-hand mobile market.

However, the broad permissions requested by the app have raised significant concerns over how much data it could ultimately collect, potentially expanding government surveillance capabilities.

While compliance within the smartphone industry poses challenges, especially for companies like Apple, which typically do not pre-install government apps, the Indian government is demanding compliance reports within 120 days.

The discussion around the app's implications echoes similar privacy-related decisions made by other nations, emphasizing a global dialogue about surveillance and individual rights in the digital age.