A directive from the Indian government mandating smartphone manufacturers to pre-load the Sanchar Saathi application on all new devices has sparked a privacy debate. Effective November 28, the order requires that the app be pre-installed on all new smartphones sold in India and that users not be allowed to uninstall it. The directive impacts major manufacturers including Apple, Samsung, Xiaomi, Oppo, and Vivo. These companies have 90 days to comply, with a compliance report due within 120 days. For devices already in the supply chain, the app must be installed via software updates.

The Sanchar Saathi app, launched in January, allows users to report suspected fraud, track lost or stolen devices, and identify fraudulent mobile connections. The government claims the app has helped recover over 700,000 lost phones, including 50,000 in October alone. The app also features the Chakshu Portal, which enables users to report fraudulent calls and messages. According to the government, the move is intended to combat cybercrime, prevent the sale of non-genuine handsets, and enhance telecom security. The Department of Telecommunications (DoT) has stated the app will safeguard citizens from fraud by making fraud reporting easier.

However, the directive has raised concerns among privacy advocates, who argue that mandating a non-removable government app undermines user choice and expands state surveillance. Some critics have described the move as dictatorial, drawing parallels to similar requirements in other countries, such as Russia. A technology lawyer said the directive removes "meaningful" consent from consumers. There are also concerns about why the app must be undeletable and why the directive was not released publicly.

The government has also directed online messaging platforms like WhatsApp, Telegram, and Signal to enforce mandatory SIM binding, meaning users can only access these services on the device with the SIM used during registration. This directive is part of the Telecommunication Cybersecurity Amendment Rules, 2025, and aims to address vulnerabilities exploited for cyber fraud. These platforms have 90 days to make the necessary technical changes and must submit compliance reports within four months.

The move is expected to face resistance from some manufacturers, particularly Apple, which has policies against pre-installing government or third-party apps. Analysts suggest Apple may seek a workaround, such as making the app optional. The pre-installation mandate also comes shortly after the Ministry of Electronics and Information Technology notified the final Digital Personal Data Protection (DPDP) Rules, 2025, expanding the government's oversight over digital devices and personal data handling.

The DoT has also issued a set of instructions to over-the-top communication platforms, asking them to complete the SIM-binding-to-device exercise within the next 90 days. The directive also states that these intermediaries must ensure that the application on the device is continuously linked to the SIM card and the phone number on which the account was registered.