India's Sanchar Saathi: Security vs Privacy vs Integrity

India's Department of Telecommunications (DoT) has issued a directive that reshapes the landscape for smartphone manufacturers. The order, dated 28 November 2025, mandates embedding the Sanchar Saathi application into all smartphones sold in India.

This requires a system-level integration that prevents users from uninstalling the software, a move that the government positions as a necessary tool against rising fraud and identity theft.

Issued under the Telecommunications Act, 2023, the mandate aims to provide visibility into device identifiers for automated national checks. The DoT argues that a voluntary portal is insufficient, citing that the existing Sanchar Saathi ecosystem has already helped recover or block numerous devices.

However, civil liberties organisations and political figures have raised alarms. The Internet Freedom Foundation warns that the order turns every smartphone into a vessel for state-mandated software that users cannot control or remove.

Critics fear the app's features could be expanded via updates, citing the broad definition of 'security incidents' in the rules.

Indian MP K.C. Venugopal called the directive a “dystopian tool to monitor every Indian,” adding, “It is a means of watching over every movement, interaction and decision of each citizen. Big Brother cannot watch us.”

Sanchar Saathi's impact on manufacturer operations

For original equipment manufacturers (OEMs), the Sanchar Saathi directive presents immediate technical and operational hurdles. The instructions demand that the app is visible on first boot and is non-removable.

This also applies to devices already sitting in the distribution chain. This necessity to push updates to sealed inventory places a considerable strain on warehousing and retail logistics.

Apple, in particular, views the order as incompatible with its software model. Industry accounts suggest Apple sees the mandate as a violation of its global security architecture and a risk to its policies on pre-installed apps.

Sources report that Apple “does not plan to comply,” fearing it could set a precedent for other markets.

Meanwhile, Android manufacturers are evaluating the 90-day compliance window, noting that firmware modification and testing cycles usually exceed this. The India Cellular and Electronics Association has voiced these concerns to the ministry, highlighting the operational challenges.

Contradictory messaging and regulatory uncertainty

The situation is complicated by public statements from government officials. On 2 December 2025, Union Minister for Communications Jyotiraditya Scindia stated the application is optional.

He said: “The app is completely optional. If you want to delete it, you can… Keeping it in their devices or not is up to the user.”

This verbal assurance directly contradicts the written legal order, which states the app's functions must not be disabled by the user. This creates considerable uncertainty for manufacturers, who are legally bound to the written notification.

Until a formal amendment is issued, the original, stricter directive remains in force. This creates a difficult scenario where manufacturers must pre-install the app, while users are told they can remove it.

Telecoms cybersecurity and endpoint monitoring

The mandate's legal foundation is the Telecommunications Act, 2023 and the Telecom Cyber Security Rules, 2024. These rules broadly define a 'security incident', allowing the DoT to classify IMEI manipulation or irregular activity as threats.

The app acts as a device-level sensor, linking to backend systems to correlate data and monitor for unusual patterns.

The DoT justifies the mandate by highlighting the scale of subscriber activity in India. It notes that the voluntary adoption of the app, at five million downloads, is insufficient for a population using more than one billion devices.

This policy signals a change from network-level security to direct endpoint integration. It places a heavy compliance burden on the smartphone sector, which must now navigate conflicting regulations, political statements and user expectations.