India’s telecommunications ministry has issued a directive requiring all major mobile device manufacturers to preload a government-backed cybersecurity application called Sanchar Saathi onto every new phone sold in the country within a 90-day timeframe. According to reports, this app is mandatory and cannot be deleted or disabled by users once installed. The move signifies a major government step into the mobile cybersecurity space, embedding a state-controlled application deep within the user experience of new devices. This mandate will affect phones already in the supply chain, as manufacturers are required to push the app via a software update.
Sanchar Saathi is currently available for Android and iOS devices, as well as on the web, offering a suite of consumer-focused security tools. Its primary functions include enabling users to report suspected fraud, spam, and malicious web links received via call, SMS, or WhatsApp. Critically, it allows users to report incoming international calls that are spoofed to appear as domestic calls (i.e., starting with the Indian country code, +91). The government states that reporting these spoofed calls helps them target and act against “illegal telecom exchanges which are causing financial loss to the Government’s exchequer and posing a threat to national security.”
The app has already seen significant adoption since its launch in May 2023, boasting over 11.4 million collective installations on Android and iOS platforms, with a large user base in the states of Andhra Pradesh and Maharashtra. The platform has demonstrated its effectiveness by blocking more than 4.2 million lost devices and successfully tracing approximately 2.6 million of them, resulting in the recovery of over 723,638 devices. The government has explicitly framed this compulsory pre-installation as a necessary measure to combat escalating threats to telecom cybersecurity, such as network misuse and the use of spoofed IMEI numbers to facilitate scams.
However, the application’s mandatory nature and requested permissions raise potential privacy concerns. The Google Play Store listing for the Android version of Sanchar Saathi reveals that the app requires extensive access to device functions and user data. These permissions include the ability to read and send SMS messages, read the call log and phone status/identity, read and modify/delete the contents of USB storage (Photos/Media/Files), and even take pictures and videos via the camera. While justified by the government for security, this level of system access in a non-removable, mandatory app is noteworthy.
Ultimately, the November 2025 directive underscores the Indian government’s commitment to tackling digital fraud and threats facing its telecom infrastructure. By making Sanchar Saathi a permanent fixture on all new mobile devices, the government aims to create a pervasive security layer and a direct reporting channel for citizens. This push for greater national security through mandatory pre-loaded software represents a significant policy shift for mobile device regulation in the country.
Reference:
