Centre asks smartphone makers to preinstall Sanchar Saathi app on all new devices; cannot be deleted

The Department of Telecommunications (DoT) has instructed smartphone manufacturers in India to preinstall a government-developed cybersecurity app on all new devices, according to media reports. Users will not be allowed to delete the application, the Department has reportedly told companies.

Under the directive, every new smartphone sold in the country must come with the Sanchar Saathi app already on the device, while a software update will be required to add the app to phones that are already in use. Smartphone makers have been given three months to comply — a move industry executives expect many companies to challenge. The requirement affects major manufacturers including Apple, Samsung, Xiaomi, Oppo and Vivo. Neither the DoT nor the companies had responded to queries at the time of publication.

Currently, Sanchar Saathi is available on Apple’s App Store and the Google Play Store, but users can choose whether to install it. If the new rules are enforced, the app will become permanent software on both new and existing devices through updates.

Launched in January, the app has been downloaded more than five million times. Government data released in September reported that over 3.7 million lost or stolen phones had been blocked using the app, while more than 2.2 million devices had been traced.

Sanchar Saathi enables users to track and disable lost or stolen mobile phones anywhere in India using the handset’s unique 15-digit IMEI number. The tool can also help police locate missing devices and curb the circulation of counterfeit phones. It additionally allows users to report suspected fraudulent calls, text messages and online communications.

The DoT’s separate directive to WhatsApp, Signal and Telegram last week means users will no longer be able to access these apps unless the SIM card linked to their original registration is present. Companion desktop services such as WhatsApp Web will also be interrupted automatically every six hours.

At present, apps like WhatsApp verify users through one-time passwords sent to their mobile number. To comply with SIM binding, companies will instead need to access the International Mobile Subscriber Identity (IMSI) stored on a user’s SIM card — a unique identifier assigned to every mobile subscriber worldwide.