In a landmark move affecting one of the world’s largest telecommunications markets, the Indian government has mandated the compulsory pre-installation of its state-developed Sanchar Saathi application on all new smartphones. The directive, issued by India’s Department of Telecommunications, provides manufacturers a 90-day compliance window to integrate this non-removable cybersecurity tool into devices destined for the Indian market, which serves over 1.2 billion mobile subscribers.
The government justification centers on enhancing telecom cybersecurity by combating device fraud through International Mobile Equipment Identity (IMEI) verification. Officials cite India’s substantial second-hand device market as particularly vulnerable, noting that stolen or blacklisted phones with duplicate IMEI numbers frequently resurface in consumer hands. The pre-loaded application enables users to authenticate handsets, report lost or stolen devices, and identify suspected fraudulent communications.
However, digital rights organizations and cybersecurity experts have raised significant concerns about the implementation. The Internet Freedom Foundation characterizes the mandate as transforming every smartphone into ‘a vessel for state mandated software that the user cannot meaningfully refuse, control, or remove.’ Technical concerns focus on the application’s broad system permissions and its design as an immutable component within device operating systems, potentially creating surveillance vulnerabilities by bypassing standard inter-app security protocols.
Industry compliance presents additional challenges, particularly for manufacturers like Apple that historically resist third-party software mandates. While Android devices dominate India’s market (approximately 95.5% share according to Counterpoint Research), Apple’s estimated 4.5% market share represents significant leverage in negotiations. Reuters reports the technology giant intends to formally communicate its reservations to Indian authorities rather than comply with the directive.
This development places India alongside nations like Russia, which implemented similar pre-installation requirements for state-backed applications earlier this year, highlighting the growing global tension between national security objectives and digital privacy rights in telecommunications policy.