In a move that has ignited a fresh debate on digital privacy and state oversight, the Indian government has issued a directive making it mandatory for all smartphone manufacturers to pre-install its Sanchar Saathi application on devices sold in the country. The stated goal is to enhance cybersecurity and prevent the cloning or spoofing of unique device identification numbers, known as IMEI.
Deadline and Compliance for Global Brands
The order, formally issued on November 21, provides a 90-day window for compliance. This regulation casts a wide net, impacting all major players in the Indian smartphone market. Companies like Apple, Samsung, Google, Motorola, Xiaomi, Oppo, and Vivo must adhere to the rule for both domestically manufactured and imported handsets. The directive is also valid for devices currently in transit or awaiting sale.
To ensure the mandate is effective and not just a symbolic gesture, the government has specified strict implementation guidelines. Manufacturers must ensure the Sanchar Saathi app is "readily visible and accessible to the end users" during the initial device setup. Furthermore, its core functionalities cannot be disabled or restricted by the companies. For phones already in the sales channel, manufacturers are instructed to "make an endeavour" to push the app via over-the-air software updates.
Security Rationale vs. Privacy Fears
The government justifies this move under the Telecommunications (Telecom Cyber Security) Rules, 2024. It states that mobile handsets with duplicate or spoofed IMEI numbers pose a "serious danger to telecom cyber security." The Sanchar Saathi app, promoted as a citizen-centric tool by the Department of Telecom (DoT), is positioned as a mechanism to allow users to report suspicious IMEI misuse and verify the authenticity of their device's IMEI.
However, the mandate has raised significant red flags within the industry and among digital privacy advocates. Critics argue that forcing a government-developed app onto every smartphone blurs the line between security and surveillance, potentially enabling unprecedented access. The fear is that such a move could set a precedent for increased state monitoring under the guise of security.
Potential Penalties for Non-Compliance
The government has set clear consequences for failing to follow the new rule. Device manufacturers and importers are required to submit compliance reports to the DoT within 120 days from the issuance of the direction. "Failure to comply with these directions shall attract action under the Telecommunications Act, 2023, the Telecom Cyber Security Rules, 2024 (as amended), and other applicable laws," the order explicitly warns.
This development places global tech giants in a challenging position, forcing them to balance adherence to local regulations with growing global concerns about user privacy and device integrity. The coming months will reveal how the industry responds and whether the government addresses the mounting privacy concerns surrounding this sweeping mandate.
