India has ordered all new smartphones to come pre-loaded with a non-removable, state-run cybersecurity app, sparking privacy concerns.
Under the order – passed last week but made public on Monday – smartphone makers have 90 days to ensure all new devices come with the government’s Sanchar Saathi app.
It says this is necessary to help citizens verify the authenticity of a handset and report the suspected misuse of telecom resources.
The move – which comes in one of the world’s largest phone markets, with more than 1.2 billion mobile users – has been criticised by cyber experts, who say it breaches citizens’ right to privacy.
Launched in January, the Sanchar Saathi app allows users to check a device’s IMEI, report lost or stolen phones and flag suspected fraud communications.
An IMEI – the International Mobile Equipment Identity – is a unique 15-digit code that identifies and authenticates a mobile device on cellular networks. The code is essentially the phone’s serial number.
In a statement, India’s Department of Telecommunications said that mobile handsets with duplicate or spoofed IMEI numbers pose “serious endangerment” to telecom cyber security.
“India has big second-hand mobile device market. Cases have also been observed where stolen or blacklisted devices are being re-sold,” it said, adding that this makes the purchaser an “abetter in crime and causes financial loss to them”.
Under the new rules, the pre-installed app must be “readily visible and accessible” to users when they set up a device and its functionalities cannot be disabled or restricted.
Smartphone makers must also “make an endeavour” to provide the app through software updates for devices that are out of factories but haven’t been sold yet, the statement said.
All companies have been asked to give compliance reports on the order in 120 days.
The government says the move will bolster telecom cybersecurity. A Reuters report, citing official figures, says the app has helped recover more than 700,000 lost phones – including 50,000 in October alone.
But experts say the app’s broad permissions raise concerns about how much data it can collect, widening the scope for surveillance.
“In plain terms, this converts every smartphone sold in India into a vessel for state mandated software that the user cannot meaningfully refuse, control, or remove,” advocacy group Internet Freedom Foundation said in a statement.
The design – making the app impossible to disable – would also weaken the safeguards that normally stop one app from accessing another’s data, the group said.
This, it adds, effectively turns the app into “a permanent, non-consensual point of access sitting inside the operating system of every Indian smartphone user.”
Technology analyst and writer Prasanto K Roy says the bigger concern is about how much access an app might eventually be allowed on the handset.
“We can’t see exactly what it’s doing, but we can see that it’s asking for a great deal of permissions – potential access to just about everything from flashlight to camera. This is itself worrying,” he told the BBC.
On Google’s Play Store, the app says it doesn’t collect or share any user data. The BBC has reached out to the department of telecommunications with questions about the app and the privacy concerns related to it.
Mr Roy adds that compliance will be difficult, since the order runs counter to the policies of most handset-makers, including Apple.
“Most companies prohibit installation of any government or third-party app before the sale of a smartphone,” he says.
While India’s smartphone market is dominated by Android, Apple’s iOS powered an estimated 4.5% of the 735 million smartphones in the country by mid-2025, according to Counterpoint Research.
“Apple has historically refused such requests from governments,” Tarun Pathak, a research director at Counterpoint, told Reuters.
Apple has not commented publicly, but Reuters reports it does not intend to comply and “will convey its concerns to Delhi.”
India is not the only country to have tightened rules on device verification.
In August, Russia ordered all phones and tablets sold in the country to come pre-installed with the state-backed MAX messenger app, sparking similar privacy and surveillance concerns.
Follow BBC News India on Instagram, YouTube, and Facebook.
