Late November 2025, India’s telecom regulator quietly issued a directive demanding that all smartphone manufacturers pre-install the state-owned security app Sanchar Saathi on every new handset sold in the country. At the same time, the order called for the app’s retroactive installation on already-sold devices—with no option for users to disable or remove it. The stated goals included tackling widespread phone theft, blocking fraudulent SIM registrations, and combating telecom-related cyber fraud.
For a country with more than 1.2 billion mobile subscribers and a vast second-hand handset market, the logic made some sense on paper. The authorities claimed that by maintaining a centralized tracking system linked to device IMEI and phone-number metadata, they could significantly reduce device-theft, clone-SIM fraud, spam, and other telecom-enabled scams.
Yet the mandate triggered immediate and intense backlash.
𝗣𝘂𝗯𝗹𝗶𝗰 𝗙𝗲𝗲𝗿, 𝗣𝗿𝗶𝘃𝗮𝗰𝘆 𝗔𝗹𝗲𝗿𝘁𝘀
Within hours of the mandate’s leak, digital-rights groups, privacy advocates, major manufacturers and ordinary citizens voiced concern. Critics warned that the app were forced and made undeletable would turn every personal device into a permanent government surveillance vector. For them, the issue was not just about convenience, but about consent, autonomy, and civil rights.
Major smartphone brands reportedly balked. iPhone maker Apple — known globally for its strong stance against third-party pre-installs — reportedly refused to comply. Meanwhile, opponents inside India’s parliament and civic-liberties leaders described the mandate as “dystopian,” warning that it replicates heavy-handed surveillance models seen in authoritarian regimes.
𝗖𝗼𝗹𝗹𝗮𝗽𝘀𝗲 𝗼𝗳 𝗧𝗵𝗲 𝗠𝗮𝗻𝗱𝗮𝘁𝗲
Under rising pressure, and barely days later — on December 3, 2025 — the government withdrew the pre-installation order. In its statement, the Department of Telecommunications claimed that growing voluntary adoption of Sanchar Saathi rendered mandatory installation unnecessary. The app will remain available, but installation on new or existing devices is now optional.
This sudden U-turn marks a rare instance of regulatory retreat under public pressure. The reversal underlines how sensitive issues around surveillance, consent, and device autonomy remain — even when they are wrapped in cybersecurity and fraud-prevention narratives.
𝗔𝘁 𝗪𝗵𝗮𝘁 𝗖𝗼𝘀𝘁? 𝗥𝗶𝘀𝗸𝘀 𝘁𝗼 𝗣𝗿𝗶𝘃𝗮𝗰𝘆 𝗔𝗻𝗱 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆
Even without the mandate, Sanchar Saathi’s existence raises important questions. The app requires broad permissions: access to device IMEI, call and message logs, network data, and other system-level metadata. If exploited or mismanaged, such capabilities could enable mass tracking or retrospective surveillance — especially in a country with over a billion mobile users.
Cybersecurity professionals and privacy experts warn that centralized control over mobile identifiers can become a backdoor to pervasive monitoring. The risk intensifies if state agencies or telcos collaborate on data sharing or user profiling in the name of “fraud prevention.”
Further, second-hand market dynamics a major reason cited for the mandate remain unresolved. Without strict oversight and transparency, devices with cloned or tampered IMEIs will continue to pose fraud, theft, and resale-market challenges.
𝗪𝗵𝗮𝘁 𝗨𝗻𝗷𝘂𝘀𝘁𝗶𝗳𝗶𝗲𝗱 𝗔𝗽𝗽 𝗠𝗮𝗻𝗱𝗮𝘁𝗲𝘀 𝗧𝗮𝘂𝗴𝗵𝘁 𝗨𝘀
This episode demonstrates several hard lessons for mobile-security policy and digital-rights frameworks:
-
Even well-intentioned cybersecurity tools become problematic if imposed without consent.
-
Pre-installation mandates especially those preventing removal, undermine user autonomy and trust.
-
In massive mobile ecosystems, technical solutions (like IMEI tracking) must be balanced with robust data-governance and transparency safeguards.
-
Public scrutiny and industry pushback still matter; regulators may rethink policies when users, experts, and vendors unite.
𝗡𝗲𝘅𝘁 𝗠𝗲𝗮𝗻𝗶𝗻𝗴𝗳𝘂𝗹 𝗠𝗼𝘃𝗲𝘀 𝗳𝗼𝗿 𝗜𝗻𝗱𝗶𝗮
Going forward, India must pursue mobile-security reforms, but in a way that respects user consent and human rights. Instead of forced pre-installation, regulators could:
-
Encourage voluntary download of security apps (with transparent opt-in)
-
Provide open-source auditing and privacy-impact assessments for any government app
-
Enforce data-minimization, purpose limitation, and strict user consent
-
Involve civil-society / privacy experts before deploying wide-scale telecom regulation
Only this approach can balance mobile-fraud defense with individual privacy, and avoid repeating a blunder like the Sanchar Saathi mandate.
FAQS
Q: What is the “Sanchar Saathi” app?
A: Sanchar Saathi is a government-run mobile application launched by India’s Department of Telecommunications (DoT). It allows users to track or block lost or stolen phones, verify device IMEI authenticity, and report suspicious or fraudulent SIM registrations or telecom fraud.
Q: Why did the Indian government want it pre-installed on every smartphone?
A: The mandate aimed to curb mobile-theft, prevent cloned or spoofed IMEI devices, stop fraudulent numbers and SIM-fraud, and reduce cyber-enabled scams in a country with more than 1.2 billion mobile subscribers and a massive second-hand device market.
Q: What were the main concerns raised against the mandate?
A: Critics warned that pre-installing a non-removable government app on all devices would infringe on user privacy and consent. They argued it could turn phones into tools for mass surveillance, compromise user autonomy, and collude with state data-collection practices beyond what is necessary for fraud prevention.
Q: Did big tech companies resist the mandate?
A: Yes. Companies like Apple reportedly refused to comply, citing their global policy against pre-installing third-party or government apps. Other handset makers also reportedly pushed back. This resistance contributed to the government reversing the mandate.
Q: What happened after the backlash?
A: On December 3, 2025, the government officially withdrew the order. It announced that Sanchar Saathi would remain available, but installation on new or existing devices will be optional.
Q: Does the app still exist? Can users install it voluntarily?
A: Yes. The app remains publicly available and users may install it via app stores if they choose. The government now emphasizes user choice rather than mandatory compliance.
Q: What does this incident teach about mobile-security policy?
A: It highlights that security tools imposed without user consent can backfire, causing public distrust and resistance. Effective mobile-security policies must balance fraud prevention with privacy rights, transparent governance, opt-in consent, and minimally invasive designs.
2 thoughts on “India Pulls Back on “Sanchar Saathi” App Mandate Surveillance”