India Mandates Pre-Installation of Government Cybersecurity App

India has mandated that smartphone manufacturers pre-install a government-run cybersecurity application that users cannot remove. This directive has sparked considerable concern regarding privacy among the nation’s vast mobile user base, which totals approximately 1.16 billion according to data from August 2024. Authorities assert that the app, named Sanchar Saathi—meaning “communication partner” in Hindi—will enhance protection against fraud.

Late on Monday, officials in New Delhi provided manufacturers with a 90-day timeline to comply with the new regulations. The order specifies that the app must be “pre-installed on all mobile handsets manufactured or imported for use in India.” Additionally, manufacturers are required to ensure that the app is “readily visible and accessible” to users during the initial setup of their devices, with functionalities that must remain unrestricted.

The government’s rationale for the app includes features that allow users to block and track lost or stolen phones. It also aids in identifying and disconnecting fraudulent mobile subscriptions made under their names. According to government figures, more than 2.6 million phones have already been traced using the application.

Despite these claims, rights advocates and political leaders have expressed serious concerns about the implications of this directive. The Internet Freedom Foundation (IFF) issued a statement emphasizing that the new mandate indicates a troubling expansion of government control over personal digital devices. The organization criticized the order, stating, “The state is asking every smartphone user in India to accept an open-ended, updatable surveillance capability on their primary personal device, and to do so without the basic guardrails that a constitutional democracy should insist on.”

Concerns about privacy have been echoed by cybersecurity analyst Nikhil Pahwa, who remarked that the rules represent a clear invasion of personal privacy. He questioned the potential for the app to access unencrypted files and messages on users’ devices, cautioning that future updates could further compromise user privacy.

Opposition to the government’s decision has also grown within political circles. Members of the Congress party, including politician KC Venugopal, have demanded an immediate rollback of the order, labeling it unconstitutional. Venugopal stated on social media, “Big Brother cannot watch us,” describing the government app as a “dystopian tool” designed to monitor every Indian’s actions, interactions, and decisions.

This directive in India follows a similar measure enacted by Russia in August 2024, which required manufacturers to install a new messaging platform called Max on all new phones and tablets. Rights advocates in Russia similarly expressed concerns that the app could serve as a powerful surveillance tool.

As the situation unfolds, the tension between national security measures and individual privacy rights continues to grow in India, raising significant questions about the balance of power in the digital age.