New Delhi: The Ministry of Communications has directed smartphone makers to pre-install a government-owned cyber security app, Sanchar Saathi, on all new devices, and ensure users cannot delete it.

The move was detailed in an order first reported by Reuters on December 1 and raises serious privacy concerns.

Later, when the official direction became available thanks to a post on X by journalist Nikhil Pahwa, it turned out that it was under the October 2025 amendment of last year's Telecommunications (Telecom Cyber Security) Rules, 2024.

At midday on December 2, the telecommunications minister Jyotiraditya Scindia said that the app was optional, presumably as a result of the backlash. However, the government has not withdrawn its official notification which mandates the installation and non-removal of the app.

According to the Press Information Bureau-hosted press release of the ministry, manufacturer and importers of mobile handsets have 90 days complete the implementation of this direction and 120 days to submit a report.

The government, through its Department of Telecommunications, launched the Sanchar Saathi app in January. The government claims that the initiative is "for curbing misuse of telecom resources for cyber frauds and ensuring telecom cyber security." The app, according to the government, enables citizens to "check the genuineness of a mobile handset through the IMEI number along with other facilities like reporting suspected fraud communications, lost/ stolen mobile handsets, check mobile connections in their name, trusted contact details of banks/ financial institutions."

The IMEI or International Mobile Equipment Identity is a unique 15-digit code that helps phone companies and mobile networks identify and authenticate devices.

The direction to pre-install the app, the government says, is "to check the genuineness of mobile handsets."

To this end, the government mandates that phone makers and sellers:

i) Ensure that the Sanchar Saathi mobile application is pre-installed on all mobile handsets manufactured or imported for use in India.

ii) Ensure that the pre-installed Sanchar Saathi application is readily visible and accessible to the end users at the time of first use or device setup and that its functionalities are not disabled or restricted.

iii) For all such devices that have been already been manufactured and are in sales channels in India, the manufacturer and importers of mobile handsets shall make an endeavour to push the App through software updates.

For devices already in the supply chain, manufacturers have been told to push the app through software updates.

The Reuters report quoted a source familiar with Apple’s policies saying the company pre-installs only its proprietary apps and “its internal policies prohibit installation of any government or third-party app before sale of a smartphone”.

Later, the news agency reported that Apple does not plan to comply with a mandate to preload its smartphones with a state-owned cyber safety app and will convey its concerns to New Delhi.

The government in the directions notes that under the Rules, no person shall:

a) intentionally remove, obliterate, change, or alter the unique telecommunication equipment identification number; or

b) intentionally use, produce, traffic in, have control or custody of, or possess hardware or software related to the telecommunication identifier or telecommunication equipment, knowing it has been configured specified above.

Tech experts are among those have been vocal in the last few hours on the serious implications of making such an app mandatory.

The only country to have attempted this level of intrusiveness in the personal phones of all citizens is Putin’s Russia, the India Cable newsletter notes. A user on X has also cited North Korea.

Pahwa wrote on X that the embedding of Sanchar Saathi with no possibility of removal makes it "a government tracker on your device."

“IF the government is allowed to get away with this, what’s next? A mandatory digital ID app? Digiyatra forcefully installed on each device? An app that disables VPNs or tracks your app and browser history? An app that sends copies of your messages to the government once a month?

"Once the OS layer is opened to the state, it doesn’t close.”

The Internet Freedom Foundation has written in a detailed statement that the direction "represents a sharp and deeply worrying expansion of executive control over personal digital devices."

"The stated objective of curbing IMEI fraud and improving telecom security is, on its face, a legitimate state aim. But the means chosen are disproportionate, legally fragile, and structurally hostile to user privacy and autonomy. Clause 7(b) is the clearest expression of this."

Many have pointed to the lack of safeguarding of the data that the government collects. "...[T]he sad downside is the Indian government has shown rank disregard for safeguarding my data and privacy," said one Anand Sankar, who noted that they were not fundamentally opposed to the government accessing citizen's data.

Opposition Congress has rejected the app. Party veteran K.C. Venugopal wrote on X, "Big Brother cannot watch us. This DoT Direction is beyond unconstitutional. The Right to Privacy is an intrinsic part of the fundamental right to life and liberty, enshrined in Article 21 of the Constitution."

He called it a dystopian tool. "A pre-loaded government app that cannot be uninstalled is a dystopian tool to monitor every Indian. It is a means to watch over every movement, interaction and decision of each citizen. This is part of the long series of relentless assaults on the Constitutional Rights of Indian citizens and will not be allowed to continue. We reject this Direction and demand an immediate rollback."

"Even Pegasus seems more benign than this," noted journalist Suhasini Haidar.

Pegasus is a military-grade spyware which can surveil targets with the help of their phones. In 2021, The Wire, along with an international consortium of news outlets led by French media non-profit Forbidden Stories, broke the story on how journalists’, opposition leaders’, government critics’ and activists’ phone numbers were on a list of presumed Pegasus targets. Forensic tests on various devices by Amnesty International’s Security Lab also revealed that some activists and journalists’ phones had the spyware active. The NSO Group, who make Pegasus, have maintained that they only sell to "verified governments". In the Supreme Court, the Narendra Modi government has not revealed whether it uses Pegasus, citing "national security."

Pegasus was also invoked by Communist Party of India (Marxist) MP John Brittas who said, "Next step obviously: ankle monitors, collars & brain implants for 1.4 billion people. Only then will the government finally know what we really think [and] do."

The Wire is now on WhatsApp. Follow our channel for sharp analysis and opinions on the latest developments.