The Indian government is significantly expanding its anti-theft and cybersecurity measures, mandating the pre-installation of its Sanchar Saathi application on all new smartphones and requiring verification of every device, new and used, through a central IMEI database. This ambitious initiative, aimed at curbing device theft and online fraud, has simultaneously ignited widespread privacy concerns among digital rights advocates and opposition parties.

India's Comprehensive Smartphone Tracking Initiative

The expanded government directive, spearheaded by the Indian telecom ministry, introduces two key components. Firstly, smartphone manufacturers are now required to pre-install the official Sanchar Saathi app on all new handsets and push it onto existing devices via software updates. This directive was first reported by Reuters and later confirmed by the ministry.

Secondly, companies involved in buying or trading used phones must verify each device against a central database of International Mobile Equipment Identity (IMEI) numbers. In a further step towards creating a nationwide record of smartphones, the ministry is also piloting an Application Programming Interface (API). This API would enable recommerce and trade-in platforms to directly upload customer identities and device details to the government, marking a significant move towards comprehensive device tracking.

Sanchar Saathi: A Tool for Recovery and Its Rapid Adoption

Launched in 2023, the Sanchar Saathi portal and its dedicated app are designed to help users block or trace lost and stolen phones. Government data indicates the system has been highly effective, blocking over 4.2 million devices and tracing an additional 2.6 million. The app, whose release was in January, has reportedly aided in recovering more than 700,000 phones, with 50,000 recovered in October alone.

The Sanchar Saathi app has seen rapid adoption, with nearly 15 million downloads and over three million monthly active users in November, representing a more than 600% increase since its launch month, according to marketing intelligence firm Sensor Tower. Web traffic to the portal has also surged, with monthly unique visitors rising by over 49% year-over-year.

Mounting Privacy Concerns and Government's Defense

Despite its stated goals, the government's mandate to pre-install Sanchar Saathi has drawn considerable criticism from privacy advocates, civil society groups, and opposition parties. Critics argue that this move significantly expands state visibility into personal devices without adequate safeguards, raising fears about potential surveillance and data misuse.

The Indian government, however, defends the initiative as a necessary measure to combat rising cybercrime, including IMEI duplication, device cloning, fraud in the second-hand smartphone market, and identity theft scams.

"Voluntary" App or Mandatory Tool?

Responding to the controversy, Telecom Minister Jyotiraditya M. Scindia stated that Sanchar Saathi is a "completely voluntary and democratic system," asserting that users can delete the app if they choose not to use it. However, a directive reviewed by TechCrunch instructs manufacturers to ensure the pre-installed app is "readily visible and accessible to end users at the time of first use or device setup" and that "its functionalities are not disabled or restricted." This conflicting language raises questions about the app's true optionality in practice.

Deputy Telecom Minister Pemmasani Chandra Sekhar also noted that most major manufacturers participated in the government's working group on the initiative, though Apple was notably absent.

The Unorganized Market and Unanswered Data Governance Questions

India's used-smartphone market is the world's third-largest and is expanding rapidly due to rising prices of new devices and longer replacement cycles. However, as much as 85% of this sector remains unorganized, with most transactions occurring through informal channels and brick-and-mortar stores. The government's current measures primarily cover formal recommerce and trade-in platforms, leaving a significant portion of the broader used-device market outside its scope.

While the government claims the app will enable "easy reporting of suspected misuse of telecom resources," privacy advocates warn that the increasing data flows could grant authorities unprecedented visibility into device ownership. The lack of detailed information on how collected data will be stored, who will have access, or what safeguards will apply as the system expands is a major point of contention.

"It’s a troubling move to begin with," Prateek Waghre, head of programs and partnerships at the Toronto-based nonprofit policy lab Tech Global Institute, told TechCrunch. "You’re essentially looking at the potential for every single device being ‘databased’ in some form. And then what uses their database can be put to it at a later date, we don’t know."

Digital rights groups highlight the sheer scale of India's smartphone user base, estimated at around 700 million devices, meaning even minor administrative changes can have profound consequences and potentially set global precedents.

"While the intent behind a unified platform may be protection, mandating a single government-controlled application risks stifling innovation particularly from private players and startups who have historically driven secure, scalable digital solutions," said Meghna Bal, director at New Delhi-based technology think tank Esya Centre. "If the government intends to build such systems, they must be backed by independent audits, strong data governance safeguards, and transparent accountability measures. Otherwise, the model not only puts user privacy at stake, but also removes fair opportunity for the ecosystem to contribute and innovate."

Recommerce firms also face potential liability concerns if sensitive customer information is mishandled under the planned API integration. The Indian telecom ministry did not respond to TechCrunch's request for comment.

Waghre further emphasized that while the Sanchar Saathi app is visible, the broader system it connects to operates largely out of sight. He noted that permissions, data flows, and backend changes, including the API integration, might be obscured in terms and conditions that most users never read, leaving them with little understanding of the information being collected or the system's full reach.

"You can’t go about restricting cybercrimes and device thefts in such a disproportionate and heavy-handed way," Waghre concluded.