India has withdrawn a recent directive that would have required smartphone manufacturers to pre-install the state-run Sanchar Saathi cybersecurity application on all new devices sold in the country. The original order, issued last week and made public on Monday, had given manufacturers 90 days to comply, making the app non-removable. The government cited the app's "increasing acceptance" as the reason for the withdrawal, while the initial mandate had prompted concerns from privacy advocates and smartphone makers regarding user privacy and implementation.
Initial Directive and Rationale
The Department of Telecommunications initially mandated the pre-installation of the Sanchar Saathi app on new smartphones, allowing manufacturers 90 days to integrate it. The directive applied to one of the world's largest mobile phone markets, which has over 1.2 billion mobile subscribers. The government stated the measure was intended to assist citizens in verifying handset authenticity and reporting suspected misuse of telecommunication resources.
The Sanchar Saathi app, launched in January, provides functionalities such as checking a device's International Mobile Equipment Identity (IMEI), reporting lost or stolen phones, and flagging suspicious communication attempts. The IMEI is a unique 15-digit code used to identify and authenticate mobile devices on cellular networks.
According to the Department of Telecommunications, mobile handsets with duplicate or spoofed IMEI numbers pose a risk to telecom cybersecurity. The department also highlighted India's substantial second-hand mobile device market, where stolen or blacklisted devices are sometimes resold, potentially involving purchasers unknowingly in illicit activities or leading to financial losses. The original regulations stipulated that the pre-installed application must be readily visible and accessible to users during device setup, with its functionalities unable to be disabled or restricted. Manufacturers were also encouraged to provide the app through software updates for devices already produced but not yet sold, and were required to submit compliance reports within 120 days.
Concerns and Opposition
The mandatory pre-installation directive generated concerns regarding privacy and potential surveillance among cybersecurity experts and the public. These experts argued that the mandate infringed on citizens' right to privacy.
Major smartphone manufacturers, including Apple and Samsung, reportedly resisted the order. Reports indicated that these companies expressed concerns over the directive's issuance without prior consultation and its potential conflict with user privacy standards. India's Minister of Communications, Jyotiraditya Scindia, addressed the surveillance concerns, stating that "Snooping is neither possible nor will it happen with the Sanchar Saathi safety app."
Withdrawal of the Mandate
The government subsequently withdrew the order, attributing the decision to the app's "increasing acceptance." Prior to the withdrawal, the Sanchar Saathi app had recorded 14 million downloads. India's telecom ministry reported that the app facilitated approximately 2,000 fraud reports daily, with 600,000 new users registering on a single day, indicating a tenfold increase in registrations.
Digital advocacy groups acknowledged the government's reversal. The Internet Freedom Foundation commented via X, "This is a welcome development, but we are still awaiting the full text of the legal order that should accompany this announcement, including any revised directions under the Cyber Security Rules, 2024." The organization stated that the development should be treated as "cautious optimism, not closure, until the formal legal direction is published and independently confirmed."