What is the Sanchar Saathi app? Why is the government mandating its pre-installation?

The story so far: On Monday (December 1, 2025), the Department of Telecommunications (DoT) ordered smartphone manufacturers to pre-install the Sanchar Saathi app on their phones. The order, effective from March 2026, has faced intense pushback, with digital rights advocates speaking up against the mandate, and the Opposition charging the government with a surveillance attempt.

What is the Sanchar Saathi app?

Sanchar Saathi was launched in 2023 as a portal where users could report suspicious phone calls. It also has other features like identifying all the phone numbers linked to a user, blocking a stolen device by providing its unique International Mobile Equipment Identity (IMEI), which would culminate in an order to telecom operators to bar a stolen device from their networks. 

The government has specifically cited “mobile handsets bearing duplicate or spoofed IMEI [posing a] serious endangerment to telecom cyber security” as the main reason for which they have told phone makers to pre-install the app.

There is little precedent for the government to mandate an app to be pre-installed on a phone. This has been done for contacts (such as an emergency number during the COVID-19 pandemic), and while the government weighed requiring a mandatory installation of the Aarogya Setu app in 2020, no formal order appears to have materialised. That app is now defunct. In 2018, the Telecom Regulatory Authority of India (TRAI) proposed rules that would penalise firms that obstructed its spam-reporting app, DND, from working on phones sold here. But even that order did not mandate pre-installing the app.

Is it legal to mandate this app to be installed on phones?

The Telecommunications Act, 2023 has an expansive definition of the term “telecommunications”. However, the DoT assured reporters in 2023 that the definition would not be used to go beyond its telecom operator mandate. 

But in November, the DoT issued an amendment to the Telecom Cyber Security Rules, 2024, which expanded even this broad definition. The amendment introduced the concept of a Telecommunication Identifier User Entity (TIUE), which essentially meant any firm using a phone number to identify users. That covers everything from smartphones to apps like WhatsApp. In a separate order last week, DoT mandated WhatsApp and other messaging platforms to force web-based instances to be logged out every six hours. If a phone using WhatsApp does not contain the SIM that account was registered with, it should stop working, the directions stated.

The pre-installation directions have been issued under this expanded rule set. “A mandate like this could face constitutional scrutiny, particularly under the right to privacy recognised in the Puttaswamy judgment,” Meghna Bal, director of the Esya Center think tank said. “While the ruling does allow certain exemptions for the state, it is important to note that Aadhaar withstood challenge largely because it was positioned as voluntary at the time. By requiring the Sanchar Saathi app to be pre-installed on every new device and preventing users from uninstalling it, the mandate shifts from optional participation to compelled compliance.”

Is the Sanchar Saathi app safe? Can it be uninstalled?

Communications Minister Jyotiraditya Scindia insists that the app is being offered as a part of its “responsibility” to telecom users to help them detect forged IMEI numbers on stolen handsets. Mr. Scindia added that if users didn’t want to use the app, they could “delete” it or avoid registering on it altogether, meaning it would stay “dormant”. 

It is unclear if the directions corroborate that, or if a follow-up order has been issued to dilute the December 1, 2025 order’s requirements — a copy seen by The Hindu shows an explicit instruction to ensure that the app “is readily visible and accessible to the end users at the time of first use or device setup and that its functionalities are not disabled or restricted”. Pre-installed apps are typically offered a higher security clearance (“root access”) within a phone’s operating system, which may grant them higher permissions that downloaded apps may have to seek as and when needed.

This elevated access could be a risk vector. Anand Venkatanarayanan, co-founder of the cyber security and defense consultancy DeepStrat said that as soon as “you get root in OS layer by a government app, an over-the-air update is all it takes to ‘get more permissions’,” meaning potentially more intrusive access. Some permissions, like phone, SMS and camera access (sought for spam reporting), would be especially troubling for users if they were granted by default.

In the event that the app were to be compromised by an outside actor, the impact may hit most smartphones sold next year immediately, as it would have been installed already on millions of handsets.