This photo illustration taken on December 2, 2025 shows the icon of the cyber safety application Sanchar Saathi on the screen of a smartphone in New Delhi. India has ordered smartphone makers to pre-install a government-run cyber security app that cannot be removed, a move that has raised concerns about users' privacy. (Photo by Sajjad Hussain/ AFP)
New Delhi, India: India has ordered smartphone makers to pre-install a government-run cyber security app that cannot be removed, a move that has raised concerns about users' privacy.
The country has a massive 1.16 billion mobile phone users, according to government data from 2024, and authorities say the app will better protect them from fraud.
Late on Monday, New Delhi gave manufacturers 90 days to comply with new rules saying the app "Sanchar Saathi" -- meaning communication partner in Hindi -- must be "pre-installed on all mobile handsets manufactured or imported for use in India".
The order, detailed in a press release, also asked phone makers to ensure the app was "readily visible and accessible to the end users at the time of first use or device setup and that its functionalities are not disabled or restricted".
The government said the app was designed to allow users to block and track lost or stolen phones.
It also lets them identify and disconnect fake mobile subscriptions made in their name, among other functions.
Government figures show the app has already helped trace more than 2.6 million phones.
However, rights advocates and politicians have sounded the alarm over potentially serious consequences.
Advocacy group Internet Freedom Foundation (IFF) said Tuesday it was concerned about the new directive.
The order "represents a sharp and deeply worrying expansion of executive control over personal digital devices", it said in a statement on X.
"The state is asking every smartphone user in India to accept an open ended, updatable surveillance capability on their primary personal device, and to do so without the basic guardrails that a constitutional democracy should insist on," the IFF said.
For devices that have already been manufactured and exist in the market across the country, the government mandated that "the manufacturer and importers of mobile handsets shall make an endeavour to push the App through software updates."
Cyber security analyst Nikhil Pahwa said the rules were "clearly" an invasion of privacy.
"How do we know this app isn't used to access files and messaging on our device, which is unencrypted on device? Or a future update won't do that?" he said on X.
"This is clearly an invasion of our privacy," he added.
In August, Russia issued a similar directive ordering manufacturers to include a new messaging platform called Max on all new phones and tablets, but rights advocates warned the app could be used as a powerful surveillance tool.
