India’s communications ministry has quietly instructed major smartphone makers to embed a government-operated cybersecurity app into every new device sold in the country.
The directive, dated November 28 and shared privately with select companies, gives them 90 days to comply.
The order requires the Sanchar Saathi app to come pre-installed on all new phones and prevents users from deleting it. Devices already in the supply chain must receive the app through a software update.
The confidential instruction applies to companies including Apple, Samsung, Xiaomi, Vivo, and Oppo.
Officials describe the move as part of a national strategy to reduce the growing wave of cyber fraud and phone-related crimes.
Sanchar Saathi connects to a central database that allows users and authorities to locate, block, and deactivate lost or stolen phones.
Government data shows the app has had notable reach since its launch in January. It has helped trace more than 700,000 missing phones and blocked over 3.7 million devices identified as stolen or counterfeit. Officials also report that more than 30 million fraudulent connections have been shut down using its systems.
The ministry says the requirement is aimed at preventing manipulation of IMEI numbers, which are unique identification codes assigned to each phone.
Duplicate or falsified IMEIs are often used in mobile scams and the resale of stolen handsets. The government argues that embedding Sanchar Saathi in all devices will strengthen network security and make stolen phones harder to exploit.
Apple is expected to resist the mandate. The company’s policy prohibits preloading government or third-party software on iPhones before sale, a position that has previously caused tension with Indian regulators.
If Apple were to comply with India’s directive and begin pre-installing the Sanchar Saathi app on iPhones, it could set a precedent with far-reaching consequences.
A single concession of this nature would signal to governments worldwide that Apple’s long-standing policy against mandatory app installations can be bent under pressure.
Other authorities, citing national security or consumer protection, might then feel justified in demanding that Apple and other smartphone manufacturers preload their own state-backed applications. Once that door is opened, it becomes increasingly difficult to close.
The risk goes beyond simple software management. Government-mandated apps often come with expansive access permissions, sometimes including location data, call records, or network identifiers.
Even if such access is officially limited to cybersecurity or theft prevention, the potential for mission creep is significant. Future administrations could expand those powers quietly through updates or legal amendments, turning what began as a security tool into a mechanism for data monitoring and behavioral tracking.
