India Mandates State Cybersecurity App on New Smartphones: Privacy Concerns Arise

Fri Dec 05 2025 11:38:58 GMT+0200 (Eastern European Standard Time)

The Indian government has ordered smartphone manufacturers to install a state-run cybersecurity app on all new devices, igniting controversy over privacy rights.

India is requiring all new smartphones to come pre-loaded with a non-removable cybersecurity app, the Sanchar Saathi, raising eyebrows among privacy advocates. While the government argues this move will enhance telecom security and help users verify device authenticity, experts caution about the surveillance potential. The app, which is supposed to help prevent fraud and track lost devices, has sparked debate over user privacy and the extent of data that the government can access.

India has ordered all new smartphones to come pre-loaded with a non-removable, state-run cybersecurity app, sparking privacy concerns. Under the order, passed last week but made public on Monday, smartphone makers have 90 days to ensure all new devices come with the government's Sanchar Saathi app.

The app is intended to help citizens verify the authenticity of a handset and report misuse of telecom resources. However, this move comes in one of the world's largest phone markets, with over 1.2 billion mobile users, and has faced criticism from cyber experts who say it breaches citizens' right to privacy.

Launched in January, the Sanchar Saathi app enables users to check a device's IMEI, report lost or stolen phones, and flag suspected fraudulent communications. The IMEI is a unique code that identifies a mobile device on cellular networks.

The Indian government claims that mobile handsets with duplicate or spoofed IMEI numbers pose a serious risk to telecom cybersecurity. They note that the second-hand mobile device market can involve the sale of stolen or blacklisted phones, putting users at risk.

According to the new regulations, the pre-installed app must be visible and accessible to users during device setup, with its functionalities not able to be disabled. Smartphone companies must also work to provide the app through software updates for unsold devices from their factories.

Experts have raised concerns about the app's extensive permissions, suggesting it could enable a wide range of data collection and surveillance. Technology analyst Prasanto K Roy pointed out that while the app states it collects no user data, the permissions it requests raise questions about privacy and access to user information.

With compliance expected from companies within 120 days, the order poses challenges, especially for brands like Apple, which traditionally resist such pre-installation directives. India's requirement mirrors similar moves in other countries that have tightened device verification regulations.