The Indian government is expanding its anti-theft and cybersecurity initiative to cover both new and used smartphones. This effort aims to curb device theft and online fraud, but it is also raising fresh privacy concerns.
As part of the expansion, the telecom ministry now requires companies that buy or trade used phones to verify every device through a central database of IMEI numbers. This comes alongside a recent directive ordering smartphone manufacturers to preinstall the government’s Sanchar Saathi app on all new handsets and push it onto existing devices through a software update.
Launched in 2023, the Sanchar Saathi portal allows users to block or trace lost and stolen phones. Government data states the system has blocked more than 4.2 million devices and traced 2.6 million more. A dedicated Sanchar Saathi app was released in January, which the government says helped recover over 700,000 phones, including 50,000 in October alone.
The app has seen broad adoption, with nearly 15 million downloads and over three million monthly active users in November, a more than 600% increase from its launch month. Web traffic to the Sanchar Saathi portal has also surged significantly.
The order to pre-install the app has drawn significant backlash from privacy advocates, civil society groups, and opposition parties. Critics argue the move expands state visibility into personal devices without adequate safeguards. The government maintains the mandate is intended to address rising cybercrime, such as IMEI duplication, device cloning, fraud in the second-hand smartphone market, and identity theft scams.
In response to the controversy, Telecom Minister Jyotiraditya M. Scindia stated that Sanchar Saathi is a completely voluntary system and that users can delete the app if they do not wish to use it. However, the directive instructs manufacturers to ensure the pre-installed app is readily visible and accessible during device setup and that its functionalities are not disabled, raising questions about how optional the app truly is.
Deputy Telecom Minister Pemmasani Chandra Sekhar noted that most major manufacturers were included in the government’s working group on the initiative, though Apple did not participate.
Alongside pushing the app, the telecom ministry is piloting an application program interface, or API, that would allow recommerce and trade-in platforms to upload customer identities and device details directly to the government. This would mark a significant step toward creating a nationwide record of smartphones in circulation.
India’s used-smartphone segment is expanding rapidly, making it the world’s third-largest market for second-hand smartphones in 2024. However, an estimated 85% of this sector remains unorganized, with transactions occurring through informal channels. The government’s current measures cover only formal recommerce platforms, leaving much of the broader used-device market outside their scope.
Privacy advocates warn that the growing data flows could give authorities unprecedented visibility into device ownership, raising concerns over how the information could be used. The government has not yet detailed how the collected data will be stored, who will have access, or what safeguards will apply.
Digital rights groups note that the scale of India’s smartphone base, estimated at some 700 million devices, means such administrative changes can have outsized consequences and set precedents other governments may study.
Experts have expressed concern that mandating a single government-controlled application risks stifling innovation from private players and startups. They argue that any such system must be backed by independent audits, strong data governance safeguards, and transparent accountability measures to protect user privacy and allow for ecosystem innovation.
The planned API also raises concerns for recommerce firms, which could face liability if sensitive customer information is mishandled.
Observers note that while the Sanchar Saathi app is visible, the broader system it connects to operates largely out of sight. The permissions, data flows, and backend changes may be buried in terms and conditions, leaving users with little practical understanding of what information is being collected or how it is shared.
Critics argue that the approach to restricting cybercrimes and device thefts is disproportionate. They characterize the government’s position as requiring its app on every device sold, every existing device updated, and on anything being resold, creating a comprehensive system of device tracking.