India has done away with a controversial order that would have required smartphone makers to preinstall Sanchar Saathi — the government’s anti-theft, cyber-fraud app — on handsets and feature phones. Following a storm of criticism from privacy advocates, industry representatives, and users, the telecom ministry has said the app will be voluntary and that manufacturers won’t have to install or set it as the default at a system level.
The rollback assuages concerns that state access to personal devices and user choice might be expanded by mandatory preinstallation. It also resolves days of conflicting signals in which officials have spoken of the app as deletable and a circulated directive to manufacturers has said its core features “must not be disabled or restricted.”
Why the government’s preinstall mandate was withdrawn
The backlash was centered on consent and proportionality. Digital rights groups say that mandating a government app on any new phone, in combination with limiting the ability to disable its functionalities, would be at odds with principles underlying India’s data protection architecture including lawful purpose, transparency, and user control. The failure to offer a clear public legal rationale only heightened suspicion.
Practical concerns were also voiced by industry stakeholders. Preloading a company’s app as undeletable “systemware” usually involves customizations to firmware, long validation cycles, and security vetting — daunting requirements for makers that ship dozens of models across numerous software builds each year. Multiple executives privately questioned how the order would be enforced across Android forks and iOS without clear legal underpinning.
The episode revealed a trust gap: Officials said they were protecting consumers, but the language of the directive implied controls that would last beyond user consent. In a market where more than 150 million smartphones are sent to store shelves every year, even small changes in policy can have outsized effects on privacy, competition, and the digital experience of billions of people.
What the data shows about Sanchar Saathi
But even as it reversed course, Sanchar Saathi’s footprint has mushroomed. The government says about 14 million people have downloaded the app, and that it provides information on around 2,000 cyber-fraud incidents daily. Interest soared during the fracas, with hundreds of thousands of new sign-ups announced in a single day.
Independent estimates also suggest heavy use. Sensor Tower’s data suggests the service had over three million monthly active users recently, while web traffic to the platform is growing — its monthly unique visitors are up over 49% year over year. The app’s central promise — to assist users in blocking stolen devices, checking SIM linkages, and reporting fraud — is finding a ready audience in a country struggling with an increase in digital crime.
The upshot is nuanced: Uptake shows demand for user-friendly security tools, but adoption has been most robust when users elect to use the app rather than be forced to. That’s in line with global trends where opt-in security services exceed mandatory installs in long-term retention and trust numbers.
How industry and rights groups responded to the reversal
Manufacturers broadly cheered the reversal, which they said would take them back to predictable software baselines and clearer liability boundaries. McRoss acknowledged that a number of smartphone makers had signed up to the effort, but Apple was not part of the working group — exemplifying the challenge in introducing consistent device-level requirements across ecosystems.
The decision was a positive step, the Internet Freedom Foundation said, but it cautioned that “we need circumspect vigilance based on an informed understanding of how these systems work.” The organization says it is waiting for a formal legal order to clarify the new policy position, as well as confirm any possible future directions are firmly aligned with existing cybersecurity policies. Their position is typical of a broader civil society consensus: security ends should be pursued with rigorous safeguards, narrow purpose limitation, and independent oversight.
On the international level, policymakers are on the same wavelength. European regulators, for example, mandate the removability of preinstalled apps to ensure user choice — an approach that respects platform integrity but protects consumer rights and is enforced with fines. Users trust platforms like Android and iOS to enforce certain features or security measures as part of their brand promise. Users should not be forced into either paying a premium or being at significant risk when browsing the web. India’s U-turn tugs policy toward that norm.
What still moves forward in the Sanchar Saathi ecosystem
The wider Sanchar Saathi ecosystem is meanwhile growing even in the absence of a preload mandate. Recommerce and trade-in platforms are still required to check devices against the central IMEI database in order to prevent the sale of stolen phones. While the company has posted some of the lowest recovery levels among peers, India’s telecom ministry is also testing out an API that allows these companies to upload device and customer details to the state government directly, in a bid to automate checks and quicken recoveries.
These factors make the potential stakes higher for strong governance — clear data retention limits, auditable access logs, and transparent disclosures over who may query the database and when. Independent audits as well as regular transparency reports would go a long way toward assuring the public what is lost in crime-fighting capability, if anything, from surveillance regulation.
For users, the bottom line after the government’s reversal
Sanchar Saathi will still continue to be available — and useful — for those who choose to download it, but no longer arrive uninvited on new phones. The government’s retreat reflects an understanding that sustainable digital policy in the vast Indian smartphone market is better achieved when security ambitions are set at levels corresponding with voluntary uptake, clear legal mandates, and robust privacy protections.