India Requires All Smartphones To Include Permanent Government Cybersecurity App

India’s Department of Telecommunications (DoT) has mandated that all smartphone makers preload a non-removable government cybersecurity app, Sanchar Saathi, on new devices sold in the country.

The private directive, dated November 28, 2025, sets a strict 90-day compliance deadline for giants like Apple, Samsung, Xiaomi, Vivo, and Oppo.

This targets India’s massive 1.2 billion telecom subscribers amid rising digital fraud and cybercrime.

Officials position the app as a vital tool against threats like stolen phones and spoofed International Mobile Equipment Identity (IMEI) numbers.

Criminals often clone IMEIs, the unique 15-digit hardware identifiers, to evade blocklists and resell devices on black markets.

The app integrates with national systems to detect and block such tactics, tightening state oversight in the world’s second-largest mobile market.

Sanchar Saathi: Core Features and Technical Backbone

Originally a web portal launched in 2025, Sanchar Saathi has now become a mandatory mobile app dubbed the “Communication Companion.” It embeds four key modules directly into the device OS for seamless user access.

The Chakshu tool lets users flag suspicious communications, such as fraudulent calls, SMS, or WhatsApp messages linked to phishing scams.

Reports feed into a central analytics engine for real-time threat intelligence sharing with telecom operators.

For lost or stolen devices, the app connects to the Central Equipment Identity Register (CEIR), India’s national IMEI database.

CEIR cross-references the device’s IMEI against a blocklist and issues a block command across all networks via the Mobile Country Code (MCC) and signaling protocols such as Diameter.

This renders the phone inoperable for calls, data, or apps, even with a new SIM. Since its inception, the system has traced over 700,000 lost devices, with many recovered (Sanchar Saathi portal).

Connection management scans the DoT’s subscriber database to list all SIMs registered to a user’s identity, exposing unauthorized activations from identity theft.

Genuineness checks validate IMEI integrity against manufacturer databases and hardware fingerprints, flagging clones via checksum mismatches.
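The checksum part of such a check can be shown with the standard IMEI layout (8-digit TAC, 6-digit serial, one Luhn check digit). This is an added example, not code from Sanchar Saathi or CEIR; the function names and sample values are constructed, and the subscriber cross-check is a simplified stand-in for a database lookup, included because a copied IMEI still carries a valid check digit.

```python
import re
from collections import defaultdict

def luhn_ok(digits: str) -> bool:
    """True if the last digit is a consistent Luhn check digit for the rest."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def parse_imei(raw: str) -> dict:
    """Normalize an IMEI and split it into TAC (8), serial (6), check digit (1)."""
    digits = re.sub(r"[\s\-/]", "", raw)
    if not re.fullmatch(r"[0-9]{15}", digits):
        return {"imei": digits, "valid": False, "reason": "not 15 digits"}
    if not luhn_ok(digits):
        return {"imei": digits, "valid": False, "reason": "check digit mismatch"}
    return {"imei": digits, "valid": True, "reason": "ok",
            "tac": digits[:8], "serial": digits[8:14]}

def triage(sightings):
    """Hypothetical helper: map each suspect IMEI to the reason it was flagged."""
    flagged, subscribers = {}, defaultdict(set)
    for raw, subscriber in sightings:
        info = parse_imei(raw)
        if info["valid"]:
            subscribers[info["imei"]].add(subscriber)
        else:
            flagged[info["imei"]] = info["reason"]
    # A copied IMEI carries a valid check digit, so the checksum alone cannot
    # expose it; only comparison against other records can.
    for imei, subs in subscribers.items():
        if len(subs) > 1:
            flagged[imei] = f"valid checksum, {len(subs)} subscribers: review"
    return flagged

# Constructed sample data: (IMEI as reported, subscriber label).
SIGHTINGS = [
    ("12-345678-901234-7", "sub-A"),   # valid, with separators
    ("123456789012347", "sub-B"),      # same IMEI, different subscriber
    ("123456789012357", "sub-C"),      # one digit altered
    ("12345678901234", "sub-D"),       # check digit missing
    ("350000000000006", "sub-E"),      # valid, seen once
]

if __name__ == "__main__":
    for imei, reason in triage(SIGHTINGS).items():
        print(imei, "->", reason)
```

The multiple-subscriber flag is only a prompt for review, since a phone that is resold or used with a new SIM produces the same pattern.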

Industry Resistance and Privacy Risks

Manufacturers face a strict mandate: the app must be undeletable, baked into firmware like system partitions on Android (e.g., /system/app) or iOS equivalents, resisting root or jailbreak attempts.

Apple, known for blocking bloatware, and Android OEMs worry about performance hits from constant background CEIR pings and user backlash.

Anonymous executives decry the lack of consultation, predicting erosion of trust.

Privacy groups raise alarms over the app’s deep system permissions (access to telephony logs, location data for CEIR, and contacts for fraud reporting), which could enable mass surveillance.

Government spokespeople counter that data remains anonymized and encrypted under the IT Act, which is focused purely on consumer protection.

Makers must also roll out the app via OTA updates to existing fleets.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.
