Staff Reporter

India’s Ministry of Communications has issued a sweeping directive mandating smartphone manufacturers to pre-install a government-run cybersecurity application called  “Sanchar Saathi,” on all new devices.

The move has immediately caused a major backlash from privacy advocates, and is expected to face resistance from major tech companies, including Apple.

Issued yesterday, the order gives smartphone makers a 90-day deadline to comply.

The mandate extends beyond new devices, requiring manufacturers to push the app onto older models through software updates.

The Minister for Communications, Jyotiraditya M. Scindia, has clarified that the app would be optional and deletable by the user, a statement that contradicts the written order demanding that the app’s functionalities must not be disabled or restricted.

The Ministry insists the app is an essential tool for curbing misuse of telecom resources for cyber frauds and ensuring telecom cyber security.

Since its launch in January, the app has been credited with helping to recover more than 700,000 lost or stolen devices and has accumulated over 5 million downloads voluntarily.

“This is the beginning. It is government testing the waters,” said Nikhil Pahwa, a digital policy expert and founder of the tech site MediaNama.

“Once a government app is forcibly pre-installed on our devices, what’s to stop them from pushing future apps that could be used for surveillance?”

The mandatory installation is viewed as a removal of user consent, especially given the app’s request for permissions that include camera access and the ability to monitor calls and messages, functions necessary for its current purpose (tracking lost devices).

“Phones are our personal spaces. We have a choice to have what we want on them. Here the government is taking away that choice,” Pahwa stated.

The directive comes as other governments, notably Russia with its state-backed MAX messaging service, have taken similar steps to force the pre-installation of state-owned apps, often leading to similar debates over state access to private user data.

The Indian mandate gives manufacturers a total of 120 days to file a compliance report.