Ask Onix
India Orders Pre-Loaded State Cybersecurity App on New Phones
India's government has directed all smartphone manufacturers to pre-install its Sanchar Saathi cybersecurity application on new devices, a mandate unveiled Monday after being issued last week. Companies have 90 days to comply, ensuring the app remains undeletable and fully functional, though officials later claimed users could remove it if desired.
The policy, targeting one of the world's largest mobile markets with over 1.2 billion users, requires the app to be "readily visible and accessible" during device setup. Authorities argue it will help citizens verify handset authenticity, report stolen devices, and flag fraudulent communications via IMEI (International Mobile Equipment Identity) checks.
Privacy Advocates Raise Surveillance Concerns
Critics warn the app's permissions-including access to calls, messages, photos, files, and cameras-transform smartphones into tools for state surveillance. The Internet Freedom Foundation called it a "vessel for mandatory software that users cannot refuse, control, or remove."
While the app's Play Store listing claims no data collection, experts like technology analyst Prasanto K Roy highlight its broad access requests. "We can't see exactly what it's doing, but the permissions suggest potential access to nearly everything-flashlight, camera, you name it," Roy told the BBC, noting compliance challenges for manufacturers like Apple, which prohibits pre-sale third-party installations.
Government Defends Voluntary Use
Communications Minister Jyotiraditya Scindia asserted the app is "voluntary and democratic," stating users could delete it. However, he did not explain how deletion would work if functionalities cannot be restricted. The Department of Telecommunications cited risks from duplicate or spoofed IMEIs, linking them to stolen device resales and financial fraud.
"Mobile handsets with duplicate or spoofed IMEI numbers pose serious cybersecurity threats. Purchasers of such devices unwittingly become abetters in crime."
India's Department of Telecommunications
Industry Pushback and Global Precedents
Apple, holding ~4.5% of India's 735 million smartphones (per Counterpoint Research), reportedly refuses compliance and plans to raise concerns with Delhi. Reuters noted the app has aided recovery of over 700,000 lost phones, including 50,000 in October 2025.
The mandate echoes Russia's August 2025 order requiring pre-installed MAX messenger apps, which also sparked privacy debates. Manufacturers must submit compliance reports within 120 days, extending the app to unsold inventory via software updates where possible.
Key Questions Remain
Unaddressed concerns include:
- How deletion aligns with the "non-restrictable" functionality rule.
- Whether the app's data access contradicts its Play Store privacy claims.
- Potential conflicts with global manufacturers' policies (e.g., Apple's opposition).
The BBC has sought clarification from the Department of Telecommunications.
