India Mandates State-Run Cyber Safety App on All New Smartphones
India has ordered all new smartphones to come pre-loaded with a state-run cybersecurity app, sparking privacy and surveillance concerns.
Under the order passed last week but made public on Monday, smartphone makers have 90 days to ensure all new devices come with the government's Sanchar Saathi app, whose functionalities cannot be disabled or restricted.
The government states this is necessary to help citizens verify the authenticity of a handset and report suspected misuse of telecom resources. However, this move, which comes in one of the world's largest phone markets, has been criticized by cyber experts for breaching citizens' right to privacy.
Under the app's privacy policy, it can make and manage phone calls, send messages, access call and message logs, photos and files as well as the phone's camera. Advocacy group Internet Freedom Foundation has stated, In plain terms, this converts every smartphone sold in India into a vessel for state mandated software that the user cannot meaningfully refuse, control, or remove.”
Amid the growing criticism, India's Minister of Communications Jyotiradtiya Scindia has clarified that mobile phone users will have the option to delete this app if they don't want to use it. He mentioned on X, This is a completely voluntary and democratic system - users may choose to activate the app and avail its benefits, or if they do not wish to, they can easily delete it from their phone at any time.” However, he did not clarify how this would be achieved given the app's mandatory nature.
Launched in January, the Sanchar Saathi app allows users to check a device's IMEI, report lost or stolen phones, and flag suspected fraudulent communications. The government's Department of Telecommunications cites concerns over duplicate or spoofed IMEI numbers posing serious risks to telecom cybersecurity.
The pre-installed app is required to be readily visible and accessible to users when they set up a device. Smartphone manufacturers must also provide this app through software updates for unsold devices. Compliance reports on this order must be submitted within 120 days.
While the app has allegedly helped recover over 700,000 lost phones, experts warn that its broad permissions could lead to significant data collection, raising further surveillance concerns. The challenges of compliance loom large, especially since major smartphone manufacturers typically restrict governmental software installations.
News reports indicate that Apple may not comply with the order and plans to voice its concerns to the Indian government. This move by India mirrors similar actions taken by other countries, such as Russia, which mandated the installation of a state-backed app on sold devices.
