India Mandates Pre-installation of Sanchar Saathi Cybersecurity App on All New Smartphones Within 90 Days

India just dropped a regulatory bombshell on the global smartphone industry—and it's got a 90-day countdown attached.

The New Pre-install Mandate

The government has reportedly ordered all smartphone manufacturers to pre-load its Sanchar Saathi cybersecurity application on every new device sold in the country. The directive gives companies a tight three-month window to comply, a timeline that will send supply chain and software teams scrambling.

What's in the Box?

While official feature details are still emerging, Sanchar Saathi is positioned as a government-backed tool for digital safety. The move effectively makes a state-developed app a default piece of a device's core software experience, shifting the traditional power balance between tech giants and national regulators.

The Global Ripple Effect

This isn't just another regional compliance headache. India is one of the world's largest smartphone markets. A mandate here forces every major player—from Apple and Samsung to Chinese manufacturers—to reconfigure device images, update production lines, and navigate a new layer of pre-sale approval. The logistical and financial implications are massive.

Security Savior or Digital Overreach?

Proponents will hail it as a necessary step to protect citizens in a volatile digital landscape. Critics will immediately question the privacy implications of a government app with deep system access shipped on every phone. It's a classic clash of security and sovereignty versus user autonomy and market freedom.

One thing's for sure: the cost of compliance won't be baked into the device price—it'll be passed straight to shareholders. Another win for 'stakeholder capitalism,' where the only stakeholder that never seems to lose is the regulator.

India’s mandatory app

India’s government now reportedly requires all smartphone manufacturers to pre-install a state-owned cybersecurity app on new devices. The order was issued on November 28 and gives companies 90 days to ensure the Sanchar Saathi app comes pre-loaded on all new phones, with no option for users to remove it.

Major smartphone manufacturers, including Apple, Samsung, Vivo, Oppo, and Xiaomi, which together account for most of India’s smartphone market of over 1.2 billion subscribers, are expected to comply.

For devices already in the supply chain, manufacturers must push the app to phones through software updates.

The government is insistent on the app because it is needed to combat what it describes as serious threats to telecom cybersecurity. These threats include duplicate or fake IMEI numbers that enable scams and network misuse. The IMEI is a unique identification number assigned to every mobile phone that can be used to block stolen devices from accessing networks.

The directive has so far faced pushback from privacy advocates and technology companies. Technology lawyer Mishi Choudhary stated that the government’s decision effectively removes user consent as a meaningful choice.

Choudhary pointed out that similar concerns were raised when Russia mandated pre-installation of the state-backed Max messenger app in August.

Apple’s internal policies explicitly prohibit installing any government or third-party applications before a smartphone reaches consumers. The company is responsible for roughly 4.5% of India’s 735 million smartphones, with Android devices making up the rest.

Apple also clashed with Indian regulators over government apps in 2017 when it delayed implementing an anti-spam app due to concerns about sending call log data to Indian authorities.

The Sanchar Saathi app

The Sanchar Saathi app was launched in January and serves multiple cybersecurity functions. Firstly, it allows users to track and block lost or stolen smartphones across all telecom networks using a central registry. Users can also identify and disconnect fraudulent mobile connections through the platform.

Since its launch, the app has been downloaded more than 5 million times and has helped recover over 700,000 lost phones, including 50,000 in October alone. Government data shows the app has blocked more than 3.7 million stolen or lost mobile phones and terminated over 30 million fraudulent connections.

Also on November 28, the Department of Telecommunications issued separate orders requiring messaging apps, including WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, and others, to maintain continuous binding to active SIM cards.

The government says this feature is being misused from outside the country to commit cyber fraud. The government argues that requiring continuous SIM verification will make it harder for criminals to operate fake accounts remotely, as every session will require an active and verified SIM card.

The messaging app order means that these services will only work if the SIM card remains present and active in the device. For web-based versions, users will be automatically logged out every six hours and must re-authenticate through QR code pairing.

These platforms have been classified as Telecommunication Identifier User Entities under new regulations and must comply within 90 days.

Join Bybit now and claim a $50 bonus in minutes