India’s Ministry of Communications has quietly instructed smartphone makers to preinstall a government cybersecurity app on all new devices, with no option to remove it. The directive, whose contents are likely to unsettle Apple and privacy advocates, comes amid a sharp rise in cybercrime and hacking. As in many other countries—including the recent example of Russia—India is tightening regulations designed to curb fraud involving stolen phones and to promote state-run digital services.
The new mandate covers Apple, which has previously clashed with the telecom regulator over an anti-spam app, as well as Samsung, Vivo, Oppo and Xiaomi. According to the November 28 directive, major manufacturers have 90 days to ensure that the Sanchar Saathi app is installed on all new devices, and it cannot be disabled. For units already in the supply chain, companies must distribute the app through software updates. The document has not been published and was sent to individual firms privately.
Technology-law specialists warn that the initiative raises serious concerns. “The state is effectively depriving users of informed choice,” said Mishi Choudhary, an internet-rights advocate. Analysts also noted that a similar requirement in Russia—mandating the installation of the state-backed messenger Max—faced strong criticism from privacy defenders.
India, one of the world’s largest mobile markets, has more than 1.2 billion subscribers. According to officials, the app launched in January has already helped recover more than 700,000 lost phones, including 50,000 in October alone. The government argues that the tool is essential to counter what it calls a “serious cybersecurity threat” posed by duplicate or fake IMEI numbers, which are used for fraud and network abuse.
Counterpoint Research estimates that by mid-2025, iOS accounted for about 4.5% of the 735 million smartphones in use across the country, with the rest running on Android.
A source familiar with Apple’s internal policies noted that the company preinstalls only its own apps and prohibits adding government or third-party services before a device is sold. “Apple has historically rejected such requests from governments,” said Tarun Pathak, research director at Counterpoint.
A source familiar with the situation believes the authorities may seek a compromise: rather than mandating preinstallation, they could negotiate with companies on a mechanism that nudges users to install the app themselves.
Apple, Google, Samsung and Xiaomi did not respond to requests for comment. India’s Ministry of Communications also declined to provide a response.
The IMEI is a unique 14–17-digit device identifier most commonly used to disconnect stolen phones from mobile networks. The Sanchar Saathi app is designed primarily to let users block and track lost or stolen smartphones across all networks using a centralised database. It also helps detect and deactivate fraudulent mobile connections.
Since launch, the app has been downloaded more than 5 million times. It has helped block over 3.7 million stolen or lost phones and has led to the deactivation of more than 30 million fraudulent subscriber lines.
The government says the software reduces cybersecurity risks, streamlines the search and blocking of missing devices, helps police track phones and prevents counterfeit handsets from reaching the black market.