India’s Mandatory Cybersecurity App Order and Its Impact on Fraud Prevention

December 1, 2025

India is escalating its response to rising cybercrime by forcing smartphone manufacturers to embed a state-run cybersecurity tool directly into their devices. A private government order now requires all new smartphones to ship with the Sanchar Saathi app pre-installed and impossible to remove, and mandates software updates to add it to devices still in the supply chain. The policy reflects India’s attempt to counter large-scale telecom fraud, IMEI spoofing, and the exploitation of stolen phones—issues affecting a market of more than 1.2 billion subscribers. The move also sets up a confrontation with Apple, whose long-standing policy forbids mandatory government app installations. Privacy advocates are warning of expanded state access, while authorities highlight Sanchar Saathi’s measurable effect in blocking millions of fraudulent connections and stolen devices.

India has quietly ordered all major smartphone manufacturers to preload a non-removable state cybersecurity app, Sanchar Saathi, on every new device within 90 days. The instruction, issued on November 28 and kept private, applies to Apple, Samsung, Vivo, Oppo, Xiaomi and others, and also requires pushing the app via software updates to devices already in the supply chain. The government is responding to a surge in cybercrime, particularly fraud linked to stolen or spoofed devices, and argues that the app is essential to counter “serious endangerment” caused by duplicate or manipulated IMEI numbers. India’s network has more than 1.2 billion subscribers, making policy impact immediate and wide.

Sanchar Saathi functions as a centralized telecom-network counterfraud platform. It leverages IMEI, the 14- to 17-digit unique device identifier used by operators to suspend stolen devices and connects to a national registry allowing users to block and track devices across all carriers. It enables the identification and disconnection of fraudulent mobile connections. Since launch in January, it has accumulated more than 5 million downloads, helped block over 3.7 million stolen or lost phones, recovered more than 700,000 phones—including 50,000 in October alone—and led to termination of more than 30 million fraudulent SIM connections. Authorities say this directly reduces cyber-enabled fraud, closes off access to spoofed devices used for scams, and restricts counterfeit circulation within the black market while giving law-enforcement real-time tracking capability.

The mandate is likely to trigger resistance from Apple, whose iOS accounts for roughly 4.5% of India’s 735 million smartphones by mid-2025 but whose internal policy forbids pre-installation of any government or third-party apps. Apple previously clashed with Indian regulators over a mandatory anti-spam app and has a historical record of rejecting similar government requests. Analysts expect Apple to negotiate for a voluntary user-installation prompt rather than a hard preload. Apple, Google, Samsung, Xiaomi and the telecoms ministry did not publicly comment.

Critics argue the requirement removes user consent entirely and aligns India with recent Russian policy mandating a pre-installed state messenger app called MAX. Indian legal experts say this raises privacy concerns, especially because the app cannot be disabled or removed, giving the government persistent device-level access to telecom identifiers and usage metadata under the justification of counter-fraud operations.

The government frames the move as a national-security-driven countermeasure against telecom-enabled fraud, IMEI spoofing, device-based impersonation, and large-scale SIM misuse, consolidating all blocking, tracking, and verification functions under one compulsory state system embedded at the OEM level.