Why India rolled back its mandatory cybersecurity app order
India’s government is facing scrutiny after abruptly withdrawing an order that would have required smartphone manufacturers to pre-install a state-run cybersecurity application on all new devices.
The directive, issued privately to companies on November 28 and later reported by Reuters, mandated that the Sanchar Saathi app be placed on every new mobile phone and made impossible for users to disable.
The order also instructed manufacturers to push a software update installing the app on existing devices. Companies were given 90 days to comply and 120 days to file reports with the Department of Telecommunications.
With more than 85% of Indian households owning smartphones, the measure would have affected almost the entire population.
Sanchar Saathi, introduced in January, is designed to curb mobile-related fraud by detecting duplicate or spoofed IMEI numbers and allowing users to block stolen devices. Government figures claim the app has already helped disable millions of fraudulent connections and recover hundreds of thousands of lost phones.
Officials framed the requirement as a necessary response to mounting cybercrime, citing powers under India’s Telecom Cyber Security Rules. But the mandatory installation clause immediately raised concerns among privacy groups and technology companies, recalling the backlash over India’s compulsory COVID-19 tracing app in 2020.
Apple was reportedly the first to signal non-compliance, arguing that it does not pre-install third-party apps for any government worldwide.
Digital rights advocates condemned the order as legally weak and disproportionately intrusive. The Internet Freedom Foundation called it a “deeply worrying expansion of executive control,” while the Software Freedom Law Centre described it as a “24-hour State in my home” measure that undermined user autonomy.
Opposition politicians also criticised the directive. Congress MP Priyanka Gandhi labelled Sanchar Saathi a “snooping app,” arguing that the government had no justification for placing non-removable state software on personal devices. The backlash quickly gained traction across social media.
Facing mounting resistance, the government signalled on Wednesday morning that it was open to amending the order. By the afternoon, the Communications Ministry confirmed the directive had been scrapped, saying it had “decided not to make the pre-installation mandatory.”
But, India is not alone in pursuing tighter control over mobile phones.
Russia recently made a government-backed app mandatory on all devices sold in the country, part of what critics describe as a widening surveillance apparatus. Privacy advocates warn that India’s attempt, though now rescinded, reflects a similar trajectory and could re-emerge in another form.
This story is written and edited by the Global South World team, you can contact us here.
