New Delhi: The Sanchar Saathi app is now in the headlines less for its safety features and more over privacy concerns after the government mandated its pre-installation on all new mobile devices in India from March 2026.
A terse Department of Telecommunications (DoT) order, dated 28 November, directed manufacturers and importers to pre-install the app on all handsets “intended for use in India”, make it visible at first setup and ensure its “functionalities are not disabled or restricted”.
The order also asked companies to comply within 90 days and file reports. For devices already in the pipeline, it urged pushing the app via software updates. The clear rules have left many shocked.
Sanchar Saathi was introduced in 2023 as a web portal meant to help telecom users report fraudulent calls, block stolen phones and check mobile connections issued in their names. At the heart of the system is CEIR—the Central Equipment Identity Register, a government database that records legitimate IMEI numbers of all mobile devices. Making the app mandatory, the government argues, will strengthen this system.
The app’s features are useful in a market with millions of refurbished and cloned phone devices. According to government figures, more than 5 million people have downloaded the app since it first came out and it has helped find more than 7 lakh lost devices, block 3.7 million stolen devices, and terminate 30 million fraudulent mobile connections.
But, critics say, the devil lies in the mandatory nature of the app installation, as directed now.
When elevated from an optional download to a system-level component which cannot be disabled, the app’s permissions profile—for call logs, SMS, camera, photos, videos, device and network state—raises the spectre of surveillance and “function creep”, where future updates quietly expand capability beyond the original mandate.
Does the mandatory installation on a personal device erode the right to privacy affirmed by the Supreme Court in 2017, is the question being asked by many political leaders and digital-rights groups.
The outcry prompted a rapid clarification from the government. Communications minister Jyotiraditya Scindia Tuesday told reporters the app is “voluntary” and can be deleted, a statement that sits uneasily next to the DoT directive’s language about its functionality—that it cannot be disabled.
Scindia also spoke in Parliament about the app Wednesday. Replying to a question by Congress MP Deepender Singh Hooda, the minister said: “I want to keep all the facts in front of the nation. We have one billion (mobile) users, but there are elements who use it in a negative manner. It is the government’s duty to keep the citizens safe.”
“Sanchar Saathi portal was started in 2023 with this in mind, and the app was brought in 2025… we decided to give a choice to all the citizens. If the app is on your phone, it does not mean it will operate automatically. Till the user registers on the app, it will not operate.”
Scindia also said the government was ready to bring a change in the DoT order if public feedback so demanded.
ThePrint reached out to subject matter experts to seek clarity on the concerns surrounding the app.
Also Read: Bhima Koregaon suspect’s laptop was hacked to plant evidence, US firm claims. NIA rejects it
Is app beneficial to mobile users?
Apar Gupta, a practicing advocate and founder director of Internet Freedom Foundation (IFF), said the app indeed had some benefits for the user but pointed out that these were available through the web portal as well. Gupta opines that making the app a mandatory installation does not have any added benefit.
“In principle, Sanchar Saathi offers some useful features. It can help a user check if a handset’s IMEI is genuine, block a phone if it is lost or stolen, and see how many SIMs are issued in their name. These are legitimate and helpful functions. The problem is not that these services exist, but that they are being pushed through a mandatory app on every new phone,” Gupta said.
“All of these functions are already available via the existing web portal, SMS, or USSD. A user should be free to decide whether they want an app for this, or whether they prefer to use these services occasionally through other channels. There is no clear, technical justification for making a permanent app the default condition for using a smartphone in India.”
Similarly, Nikhil Pahwa, journalist, digital rights activist, and founder of MediaNama, said that no app should be forced to be installed on users’ devices.
“And if something is beneficial to us, the government should make an effort in terms of promoting it so that we can choose whether we want to have it or not. Having it shoved down our throats is not a solution,” he added.
Question of surveillance & hacking
The DoT order has also triggered a privacy debate on user information, a similar one that took place over Aadhaar data storage.
Critics are worrying about surveillance by the government into the daily activities of individuals and malware allegedly being placed in phones for spying.
Pahwa, elaborating further, gave the example of the Bhima Koregaon case. He said there was no evidence that the app could not insert incriminating information using malware into phone devices.
“If you go back to the Bhima Goregaon case about 10 years ago, forensic analysis had indicated that malware was used to insert incriminating documents onto laptops. Now, with this app, a political party in power could plant documents onto an opposition politician’s or a journalist’s device to incriminate them,” said Pahwa.
He added that the government, through the mandatory app directive, was “installing a security vulnerability into devices in the guise of enabling security”.
According to Pahwa, the app was exposed to the great risk of being hacked, and when made a compulsory installation, it could lead to millions of phones being exposed to security threat due to one app.
Gupta also expressed scepticism on the privacy policy of the app, asserting that “such a step has to be tested against legality, necessity, and proportionality”.
Aishwarya Kaushiq, partner at disputes and transactional law firm BTG Advaya, concurred with the others, saying that while the stated objective of the app was consumer safety and fraud prevention, the mandate raised legitimate questions around user consent, privacy, backend data access, and the absence of publicly-available technical standards governing data collection, retention, and oversight.
“A non-removable state-run app on every device will understandably attract scrutiny from users, civil society, and global manufacturers.”
‘Risk to people, no accountability’
In today’s digital world where data privacy has become a luxury, most users are aware of how big tech companies like Meta, Google, Microsoft, etc., trade off users’ data to benefit their revenue model. But the government of a country doing so is a different ball game with a touch of threat to the democratic process.
“When big tech companies collect data, they often do it aggressively and in ways that are difficult for users to understand or resist. But there is still some element of choice: you can avoid a platform, switch devices, or limit your usage, even if these choices are costly. With a government-mandated, system-level app, the power imbalance is sharper,” said Gupta.
“The state is not just another data controller; it also makes the rules, controls the telecom infrastructure, and has law-enforcement powers. If the same actor that regulates the network is also embedding code on your device, the risks are higher, especially in the absence of strict purpose limits, oversight, and remedies. So, while big tech surveillance is a serious problem, a compulsory state app on every phone raises a different and, in many ways, more structural kind of risk.”
Pahwa underlined that there are better privacy-preserving options. “Big tech only wants to make money. The government, which has statutory power over us and is meant to protect our rights, can essentially use this to hamper the democratic process of the country. We’ve seen governments in the past put people in jail either due to information they have or through planting information. So, this creates a risk for people. Big tech apps can be uninstalled, at least based on the directive,” he told ThePrint.
He also pointed out that the government protects user data from big tech companies under the Digital Personal Data Protection Act, where a user can ask the company to delete all the data they possess about them. But the government, Pahwa said, is exempted from the Act and therefore there is no transparency or accountability.
He also mentioned that the present government had contended in the Supreme Court during a 2015 lawsuit that the right to privacy was not a fundamental right under the Constitution. The argument was made by then-attorney general Mukul Rohatgi in support of the mandatory nature of the Aadhaar programme, which was contested on the grounds that the government’s intrusive storage of citizen data could violate people’s right to privacy and Article 21.
Rohatgi reminded a bench of Justices J. Chelameswar, S.A. Bobde and C. Nagappan that an eight-judge bench of the top court had in 1954 declared that right to privacy was not a fundamental right. He said that through the years, the court had lost sight of this judgement.
Also Read: Make Sanchar Saathi removable. Good intentions don’t excuse State overreach
Loophole
According to the experts, the DoT order has several loopholes. For example, it remains unclear how the government would treat phones not manufactured in/for use in India.
The order does not specify if the Sanchar Saathi app will also be installed in second-hand phones that were used in a different country and passed down to someone in India.
The experts agree that this loophole can give birth to a whole new grey market for foreign manufactured/China manufactured phones or second-hand phones that were used in other countries before.
There is also a real possibility that some users who are privacy-conscious or simply tired of bloatware will start looking for phones that do not carry the mandated app. That could include second-hand devices originally sold in other countries, or phones brought in through informal channels.
“If the mandate is implemented strictly and without flexibility, it can unintentionally push a segment of users towards such options. This is not good policy design: when people feel that compliance with a rule reduces their control over their own devices, some of them will look for ways around it, and that can create a grey market with its own set of consumer and security risks,” said Gupta.
Stand of phone companies
The friction goes beyond lawyers and activists. In an exclusive report Tuesday, Reuters said Apple is unwilling to comply with the DoT directive and will raise concerns with New Delhi.
While both Gupta and Pahwa agreed that phone manufacturers are unlikely to go to court on this matter, both had a different standpoint on how Apple would likely react.
Gupta’s stance aligned with the Reuters report. He said the company has historically resisted third-party interventions on its system and might raise compliance issues.
Pahwa, on the other hand, said that Apple could agree to comply citing the example of Russia. The Russian government had ordered that all new smartphones sold in the country, including iPhones and iPads, have the state-backed Max app and Russia’s official app store, RuStore, pre-installed starting 1 September, 2025. A similar mandate for state TV app Lime HD TV on smart TVs is effective from 1 January, 2026.
However, both experts agreed that other companies might not resist installing the app as they are used to preloading apps.
“On Android, manufacturers are used to preloading a mix of their own apps, carrier apps, and sometimes government apps, so technically it is easier for them to comply, though many may still dislike the precedent. On iOS, Apple has historically resisted third-party or government-mandated preloads because it controls the system partition much more tightly. So, there will likely be some hard conversations between large original equipment manufacturers (OEMs) and the government on how far this mandate can go in practice,” said Gupta.
Whether OEMs themselves will front such litigation is a separate, strategic question; even if they do not, users and civil society organisations can still bring a challenge, Gupta added.
Kaushiq underlined a range of regulatory exposures that manufacturers can face if they fail to comply with the government’s order on Sanchar Saathi pre-installation.
These include: Import and sale restrictions on devices; penalties, show-cause notices, or suspension of approvals under telecom equipment and consumer-protection regulations; delays in certification or clearance from Indian authorities; contractual disputes with distributors, carriers, or partners if devices are deemed non-compliant at the point of sale; and reputational risk.
The DoT directive has raised questions on consent, safeguards, and privacy. The current policy has loopholes and until those gaps are bridged with transparent rules on permissions, data flows, independent audits and clear legal limits, Sanchar Saathi is likely to remain less a consumer shield and more a test of how democracies govern code on private phones.
(Edited by Nida Fatima Siddiqui)