India Scraps Mandatory Pre-Installation of State Cybersecurity App on Smartphones: A Win for User Choice

In a significant reversal, the Indian government has withdrawn its order mandating the pre-installation of the state-run cybersecurity app, Sanchar Saathi, on all smartphones sold in the country. The decision, announced on Wednesday, December 3, 2025, follows widespread criticism from politicians, privacy advocates, global tech companies, and users who viewed the mandate as a potential infringement on privacy and an overreach of state power.

The initial directive, issued privately to smartphone manufacturers like Apple, Samsung, and Xiaomi on November 28, 2025, required the pre-loading of the Sanchar Saathi app within 90 days on all new devices. Furthermore, manufacturers were instructed to push the app to existing devices through software updates. A key point of contention was the stipulation that the app could not be disabled or removed by users. This sparked concerns about potential government surveillance and a compromise of user data and privacy.

The government's decision to backtrack comes after mounting pressure and protests. Opposition parties, privacy advocates, and newspaper editorials voiced strong objections to the mandate. Senior Congress leader Randeep Singh Surjewala, in a notice to Parliament, called for clarification on the legal authority for mandating a non-removable app and demanded a debate on the associated privacy and security risks. Concerns were raised that such a compulsory installation could create a backdoor, compromising user data and privacy.

The government, in its defense, stated that the Sanchar Saathi app is a citizen-centric cybersecurity tool designed to protect users from online fraud and malicious activities. They emphasized the app's security and claimed it has no functions beyond safeguarding users, asserting that it can be removed at any time. The government also highlighted the app's increasing popularity, noting a surge in downloads and registrations. According to the government, 14 million users have downloaded Sanchar Saathi, contributing information on approximately 2,000 fraud incidents daily. In the 24 hours leading up to the reversal, there were 600,000 new registrations, marking a tenfold increase in daily uptake. The Ministry of Communications cited this growing acceptance as the reason for withdrawing the mandatory pre-installation order.

However, reports suggest that resistance from smartphone manufacturers also played a role in the government's decision. Apple and Samsung, in particular, reportedly had plans to not comply with the directive, raising privacy and security concerns related to their respective iOS and Android ecosystems. Apple apparently did not participate in the working group, and other manufacturers questioned the legal backing for permanent, system-level apps.

The government's swift reversal highlights the delicate balance between national security objectives and individual privacy rights in the digital age. While the Sanchar Saathi app will remain available for voluntary download, the controversy underscores the importance of transparency, user choice, and robust legal frameworks in the implementation of cybersecurity measures. This incident also underscores the influence of major tech players in shaping policy and the potential challenges posed by mandates lacking clear legal foundations.