By ByteBot
India’s Ministry of Communications issued a confidential order on November 28, 2025 requiring all smartphone manufacturers to preinstall the government-owned Sanchar Saathi app on every new device sold—and make it unremovable by users. The directive gives Apple, Samsung, Xiaomi, Oppo, Vivo, and every other manufacturer 90 days to comply, with existing phones in distribution requiring forced software updates. The app, which claims to combat phone theft through IMEI tracking, demands deep system permissions including call logs, SMS access, camera, and file system access. Technology lawyer Mishi Choudhary captured the core problem: “The government effectively removes user consent as a meaningful choice.”
Apple’s Impossible Choice Sets Global Precedent
Apple’s internal policies explicitly prohibit preloading government or third-party applications before devices reach consumers—a principle the company has defended globally as core to user privacy. India’s mandate forces a binary choice: comply and abandon the principle, or refuse and exit the world’s second-largest smartphone market (1.4 billion users, ~240 million smartphones sold annually).
Industry analysts at Counterpoint Research predict Apple will negotiate a Russia-style compromise: during iPhone setup, users see a prompt suggesting the Sanchar Saathi app, but can opt out. Russia’s 2021 preinstall mandate allowed this workaround, preserving Apple’s “no true preinstall” policy while technically complying. However, India’s order explicitly states “users cannot disable”—suggesting less flexibility than Russia offered.
If Apple fully complies without resistance, every authoritarian regime and privacy-hostile government will demand the same. China could mandate preinstalled state surveillance apps. EU nations could require “safety” apps under Digital Services Act justifications. The precedent doesn’t stop at India—it’s a global test case for whether tech companies can maintain device sovereignty principles when governments push back.
Related: Microsoft Copilot GPT-5 Default: No Opt-Out for Devs
Deep Permissions Build Surveillance Infrastructure
Sanchar Saathi requires permissions that collectively constitute a comprehensive surveillance toolkit: make/manage phone calls, read call logs, read/send SMS messages, camera access, and full file system access. The government claims these are necessary for IMEI tracking and fraud reporting, but privacy advocates point out the same permissions enable location tracking, social graph mapping, and message content surveillance—none of which are needed for anti-theft functionality.
The app’s official privacy policy claims it “does not automatically capture any specific personal information” and “does not share with third parties except law enforcement as per prevailing laws”—but those qualifiers are enormous loopholes. What data counts as “automatically captured”? What do “prevailing laws” allow law enforcement to access without warrant? These gaps aren’t accidental.
Mandatory + unremovable + deep permissions = surveillance infrastructure, regardless of stated intent. Today the app tracks IMEIs; tomorrow it could be updated to include real-time location tracking, message content scanning, or social graph analysis. Users have no ability to refuse or uninstall—consent is eliminated entirely.
700K Recoveries Claimed, Zero Verified
India’s Department of Telecommunications claims Sanchar Saathi (launched January 2025 as an optional app) has recovered over 700,000 lost/stolen phones, including 50,000 in October 2025 alone, and blocked 3.7 million stolen devices while terminating 30 million fraudulent connections. These numbers sound impressive—but zero independent verification exists.
The app had 5 million+ voluntary downloads before the mandate, suggesting legitimate demand existed. Phone theft is a massive problem in India, and IMEI blocking does work when implemented properly. However, no third-party audit has confirmed the government’s recovery statistics, and there’s no data on false positives (legitimate devices incorrectly blocked).
Here’s the question that matters: if Sanchar Saathi genuinely recovered 700,000 phones voluntarily, that’s proof it works without coercion. The mandate suggests the government values universal surveillance capability more than the anti-theft justification it publicly cites. Effective anti-theft functionality doesn’t require mandatory installation. Apple’s Find My iPhone is optional, Google’s Find My Device is optional, carrier IMEI blocking services are opt-in.
Confidential Order Bypassed Public Consultation
India’s Department of Telecommunications issued the November 28, 2025 directive confidentially to manufacturers and importers—not as a public policy announcement. This means hundreds of millions of Indian citizens will have government-mandated, unremovable software forced onto their personal devices without any public consultation, debate, or democratic input. The order only became public when news outlets reported on it December 1.
Privacy advocates note this bypasses normal policy-making processes. Major regulations typically include public comment periods, legislative review, or at minimum transparency about what’s being required and why. Instead, manufacturers were privately ordered to comply within 90 days, and consumers only learned about it after journalists investigated.
Transparency matters for accountability. If the government believed this mandate served a legitimate public interest, why issue it confidentially? The lack of public process suggests officials anticipated backlash and wanted manufacturers locked in before citizens could object. This is governance through fait accompli—announce after the decision is irreversible.
Russia Did This First, Others Will Follow
Russia implemented a similar mandate in 2021 requiring preinstalled state-backed apps (including MAX messenger). India now joins this exclusive club, and privacy advocates warn that success here will inspire similar mandates globally. China could require preinstalled state surveillance apps. Authoritarian regimes have clear incentives. Even democracies might mandate “safety” apps under national security or child protection justifications.
The slippery slope is real: COVID-19 contact tracing apps started voluntary, then became mandatory for certain activities in multiple countries. If governments discover they can compel smartphone manufacturers to preinstall state software, the Pandora’s box is open. India’s 1.4 billion user market is too large for manufacturers to ignore—compliance here proves the tactic works.
This isn’t just about India. It’s a global test of whether democratic nations will resist or embrace mandatory state software on personal devices. If tech companies comply without significant resistance, other governments will conclude the strategy is viable. The precedent set here determines whether “device sovereignty” remains a principle or becomes a relic.
Key Takeaways
- India orders mandatory, unremovable Sanchar Saathi app on all smartphones (Nov 28, 2025) — 90-day deadline for manufacturers, forced OTA updates to existing devices sold in India
- Apple faces impossible choice — Violate no-preinstall policy or lose 1.4B user market; compromise possible but sets dangerous global precedent for other nations
- Deep system permissions (call logs, SMS, camera, files) constitute surveillance toolkit — Mandatory + unremovable eliminates user consent entirely, regardless of stated anti-theft purpose
- Government claims 700K recoveries but offers zero independent verification — 5M voluntary downloads prove anti-theft demand exists without coercion; mandate reveals surveillance priority
- Global precedent warning — If tech companies comply without resistance, China, authoritarian regimes, and democracies will follow with their own mandatory state app requirements
