Government Withdraws Mandatory Cybersecurity App Requirement for Smartphones

Withdrawal of Cybersecurity App Mandate

On Wednesday, the Union government announced its decision to retract an earlier directive that required smartphone manufacturers to pre-install a government cybersecurity application on all devices, following significant backlash.

The Ministry of Communications stated, “In light of the growing acceptance of Sanchar Saathi, the government has opted not to enforce mandatory pre-installation for mobile manufacturers.”

Initially, on November 28, the government mandated that manufacturers install the Sanchar Saathi app on new smartphones and update existing devices with the app within three months.

According to the previous directive, users would not have the option to disable the app, as indicated in a press release from the ministry.

After receiving criticism from opposition leaders and tech policy experts who argued that the order represented an increase in surveillance without adequate protections, Union Communications Minister Jyotiraditya Scindia asserted on Tuesday that users would indeed be able to remove the app.

However, the Internet Freedom Foundation challenged Scindia’s statement, claiming it was incorrect.

The organization pointed out that Paragraph 7(b) of the order from the Department of Telecommunications explicitly states that the Sanchar Saathi app “cannot be ‘disabled or restricted’.”

This announcement followed Scindia's remarks in Parliament, where he stated that the app cannot be utilized for surveillance.

“Snooping is neither feasible nor will it occur through this [Sanchar Saathi] app,” Scindia emphasized, noting that the platform is designed to safeguard users from cyber fraud.

He also mentioned that the government is open to modifying the order based on public input, aiming to empower users to protect themselves.

On Wednesday, the ministry reiterated that the app was mandated to ensure cybersecurity access for all citizens.

“The app's sole purpose is to protect users, and they can uninstall it at any time,” the ministry clarified in a press release. “This has been confirmed by the government.”

The Congress party criticized the telecom department's directive on Monday, labeling it as “beyond unconstitutional” and called for its immediate retraction.

The Internet Freedom Foundation expressed concern on Tuesday, describing the November 28 directive as a “serious overreach” of executive authority over personal digital devices.

The stipulation that the app's functionalities cannot be disabled effectively turns every smartphone into a device for state-mandated software that users cannot reasonably refuse, control, or remove, the organization stated.

They further warned that the directive was so ambiguous that while the app is currently presented as a harmless International Mobile Equipment Identity checker, it could potentially be repurposed for client-side scanning of ‘banned’ applications, monitoring VPN usage, correlating SIM activity, or accessing SMS logs under the guise of fraud detection.

Also read: ‘A permanent surveillance backdoor’: Why Sanchar Saathi app order raises privacy fears