Sanchar Saathi to Be Pre-Installed on New Smartphones, Government Clarifies It Won’t Be Mandatory

The Sanchar Saathi app will now be pre-installed on all new smartphones sold in India, under a directive from the Department of Telecommunications (DoT). The order, dated 28 November 2025, gives handset manufacturers and importers 90 days to comply, and requires them to submit a formal compliance report within 120 days. The app, already available as a voluntary download on Google Play and Apple’s App Store, allows users to block or report lost or stolen phones via IMEI-based blacklisting, verify handset authenticity, check how many mobile connections are registered under their name, and report suspected telecom fraud. Telecom Minister Jyotiraditya Scindia has, however, publicly clarified that the app would not be mandatory for users, and that there would be no coercive surveillance through the platform, a statement that has introduced a layer of uncertainty into how the mandate will finally be operationalised. Major platform-owners have meanwhile signalled resistance. Apple and Google, which control iOS and Android respectively, are reportedly preparing to push back on the mandate, due to concerns over user privacy and system-integrity risks, citing a lack of precedent in pre-loading a state-owned app on devices.

At its core, Sanchar Saathi is the citizen-facing access layer to the government’s Central Equipment Identity Register (CEIR), a nationwide database of mobile device IMEI numbers. Through one interface, it links the Department of Telecommunications, telecom operators and state police. The government’s case is logistical rather than ideological. India’s telecom network now covers around 1.2 billion subscribers, making it one of the world’s largest smartphone markets and a major target for cyber and telecom-enabled fraud. Devices are stolen and resold within hours. SIMs are cloned or issued on forged documents. International scam rings exploit the regulatory lag. From this perspective, centralisation is presented as overdue coordination.

Supporters inside the system frame the move as a form of digital sanitation. Security officials argue that fragmented enforcement leaves persistent gaps that criminals exploit. Cybersecurity professionals say that IMEI blacklisting and number-identity verification are already standard tools in Europe and parts of East Asia, though they typically operate at the carrier or backend level. India’s difference lies in the scale of the exercise, and scale demands automation.

What has transformed Sanchar Saathi from a functional utility into a national flashpoint is not its purpose but its mode of deployment. The directive’s language—pre-installation on all new phones, deployment via system updates, and a requirement that its functions not be disabled—would, in effect, embed a state telecom interface inside nearly every privately owned device as a condition of sale. The smartphone, under this framework, becomes not only a consumer product but also a permanent endpoint of a government security architecture.

The state insists that this does not amount to surveillance. Officials say that the app is a cyber security tool meant for device and SIM integrity, and that it does not enable snooping or call monitoring. India already operates through a dense web of public digital infrastructure—Aadhaar for identity, UPI for payments, DigiLocker for documents—and now the government is adding Sanchar Saathi as the telecom extension of that wider architecture. In previous cases, early resistance around such systems eventually gave way to mass adoption.

Aadhaar, UPI and DigiLocker are service-linked systems, however. They activate when a user seeks a transaction or identity verification. Sanchar Saathi, if made compulsory at the hardware level, would exist independently of user intent. It would be present even when the phone is idle, even when no service is being sought. The concern is therefore not only what the app does today, but what it could be made to do through future updates once its presence is guaranteed by law and firmware.

India’s data-protection regime remains a partial shield against that future. The Digital Personal Data Protection Act establishes broad safeguards around consent and purpose limitation, but offers limited clarity on continuous state access through mandatory, non-removable system applications. Judicial oversight of bulk digital access remains episodic rather than structural. In this landscape, the fear is that concentrating device-level control in a compulsory government platform creates a power asymmetry that is difficult to keep track of in real time.

Most countries operate stolen-device registries, SIM-swap prevention systems, and number-verification frameworks, but these typically function at the network and operator layer. Consumers interact with carriers and regulators audit from above. One parallel is China, where security software is deeply interwoven with state databases. The comparison has in fact sharpened the unease around Sanchar Saathi.

There are also practical anxieties. What happens when a device is wrongly flagged in the registry? How quickly can access be restored when a handset is disabled by mistake? Will the appeals process be accessible to users with limited digital literacy? 

Several technologists argue that the government could achieve most of its stated objectives without making a resident app compulsory. The CEIR could remain mandatory at the network level, embedded directly into telecom switching systems. SIM-swap verification could operate through regulated APIs accessed by banks and digital platforms with explicit user consent. IMEI authentication could be enforced at retail and customs checkpoints rather than inside personal devices. What cannot yet be determined, because it depends on final technical design, audit mechanisms, and legal constraints, is where the line between protection and permanence will ultimately be drawn.