The Indian government has ordered all smartphones sold in the country to be forcibly preinstalled with the government-developed security application (app) "Sanchar Saathi."
The government said it is a policy to prevent cybercrime and recover lost smartphones. But opposition parties and civic groups strongly opposed it, saying it is a "Big Brother" law intended to monitor the public and violates constitutional fundamental rights. Global manufacturers such as Apple are also pushing back hard on technical and security grounds. It is an unprecedented situation in the world's largest democracy, which has more than 1.2 billion mobile users.
According to local outlets including the Times of India and the Hindustan Times on the 2nd (local time), the Department of Telecommunications (DoT) recently instructed smartphone manufacturers and importers to preinstall the Sanchar Saathi app on new devices shipped within 90 days. All manufacturers that sell smartphones in the Indian market, including Samsung Electronics, Xiaomi, Vivo and Apple, are subject to the order. The Department of Telecommunications also told companies to prompt installation via software updates on older devices already sold and in use.
Sanchar Saathi means "communication companion" in Hindi. Its main functions are tracking and blocking stolen or lost mobile phones. It recognizes the device's unique identification number (IMEI), which corresponds to a smartphone's resident registration number, and operates based on it. The Department of Telecommunications launched a portal service under this name in May last year and later improved it into an app. The government promoted that the system has helped find more than 700,000 lost mobile phones so far.
According to the Department of Telecommunications, manufacturers must prepare a compliance report on the app and submit it to the relevant department within 120 days. Failure to do so may result in sanctions under the Telecommunications Act enacted in 2023. In an official letter to manufacturers, the department also made it clear that "the app must be set so that its functions cannot be disabled or restricted." This means users should be prevented from arbitrarily deleting the app or turning off its functions.
India's opposition and civic groups immediately pushed back, citing concerns over privacy violations. Sanchar Saathi requests access to call records, text messages, location data and even the camera. Without function-restriction settings, the structure allows the government to look into personal smartphones at any time if it chooses.
The main opposition Indian National Congress (INC) criticized the app as a snooping app. Lawmaker Shashi Tharoor of the party said, "In a democracy, mandating something is highly problematic," adding, "Instead of issuing orders, the government should provide explanations that the public can accept."
Civil society argued that the measure is unconstitutional. The Internet Freedom Foundation (IFF), a digital rights group in India, said the move infringes on the right to privacy. The right to privacy is an essential part of the fundamental rights derived from the right to life and liberty set out in Article 21 of the Indian Constitution. Apar Gupta, director at IFF, said, "This app is, so to speak, like installing a government-only lock on the inside of your front door," and added, "The purpose of cybersecurity may be legitimate, but using such an app as the means violates the principle of proportionality and undermines user autonomy."
Experts said the backdrop to the Indian government's overreach is an intention to strengthen digital control. India is the world's No. 2 smartphone market, with more than 1.2 billion mobile users. According to the 2025 India Cyber Threat Report published by Seqrite, a cybersecurity company, an average of 702 potential security threats were detected every minute in India. At the same time, more than 8.4 million trojans and infections were recorded annually, leading to more than 369 million security incidents. Voice phishing and financial fraud have emerged as major social problems in India as well. The government's core rationale is to stop such widespread digital fraud damage and reduce device theft cases.
Before India, Russia also made it mandatory starting in 2021 to preinstall state-developed software on all smart devices sold domestically. In August this year, amid the war with Ukraine, it forced installation of the state-run messenger app "MAX." The app officially stated that it "provides user data to the authorities upon request." The move cannot avoid criticism that a forcibly installed app is a government surveillance tool.
The government led by Narendra Modi has even previously been at the center of allegations of surveillance using spyware. The allegation is that it surveilled opposition politicians, journalists and human rights activists using the Israeli-made spyware "Pegasus." The government denied it, but when the Supreme Court of India dissolved an investigative panel at the time, it specified that "the government did not cooperate (with the investigation)." Citing such precedent, experts worried that the forced app installation is not simply for strengthening cybersecurity but an intentional move toward "digital dictatorship."
As the controversy grew, Minister Jyotiraditya Scindia of the telecommunications ministry moved to calm the situation. Scindia said, "This app is completely voluntary and democratic," and added, "Users can delete it at any time if they want." But even global smartphone manufacturers are taking a confrontational stance against the Indian government, citing security and user protection as top priorities. Apple, in particular, is said to be resisting most firmly. According to Reuters and other foreign media, Apple has internally decided not to comply with the Indian government's order. Apple has not allowed pre-loading of carrier or government apps in any country worldwide.
Reuters, citing experts, warned that "an app that reaches deep into the operating system risks creating a security backdoor that hackers could exploit," and that "linking the data of 1.2 billion Indians to a single app creates a fatal 'single point of failure' from a hacking perspective."