Mandate to Pre-Install iOS App in India
Aditya Kalra and Munsif Vengattil (MacRumors):
India’s telecoms ministry has privately asked smartphone makers to preload all new devices with a state-owned cyber security app that cannot be deleted, a government order showed, a move likely to antagonise Apple and privacy advocates.
In tackling a recent surge of cyber crime and hacking, India is joining authorities worldwide, most recently in Russia, to frame rules blocking the use of stolen phones for fraud or promoting state-backed government service apps.
Sanchar Saathi, available on the web and via mobile apps for Android and iOS, allows users to report suspected fraud, spam, and malicious web links through call, SMS, or WhatsApp; block stolen handsets; and allow a mobile subscriber to check the number of mobile connections taken in their name.
One of its important features is the ability to report incoming international calls that start with the country code for India (i.e., +91) to facilitate fraud.
“Such international calls are received by illegal telecom setups over the internet from foreign countries and sent to Indian citizens disguised as domestic calls,” the government notes on the website. “Reporting about such calls helps the Government to act against illegal telecom exchanges which are causing financial loss to the Government’s exchequer and posing a threat to national security.”
[…]
In a statement shared on X on December 2, 2025, India’s telecom minister Jyotiraditya M. Scindia said “this is a completely voluntary and democratic system” and that “users may choose to activate the app and avail its benefits, or if they do not wish to, they can easily delete it from their phone at any time.”
Aditya Kalra and Munsif Vengattil (MacRumors):
Apple does not plan to comply with a mandate to preload its smartphones with a state-owned cyber safety app and will convey its concerns to New Delhi, three sources said, after the government’s move sparked surveillance concerns and a political uproar.
[…]
At present, the app can be deleted by users. Scindia did not comment on or clarify the November 28 confidential directive that ordered smartphone makers to start preloading it and ensure “its functionalities are not disabled or restricted.”
Apple however does not plan to comply with the directive and will tell the government it does not follow such mandates anywhere in the world as they raise a host of privacy and security issues for the company’s iOS ecosystem, said two of the industry sources who are familiar with Apple’s concerns.
In 2021, Apple complied with a Russian law to offer government-approved apps for installation. Apple no longer directly sells iPhones in Russia, but it seems that resellers have to follow the new law that mandates pre-installing the MAX and RuStore apps.
The India directive isn’t just a request. The DoT said it ordered companies to comply within 90 days and submit a compliance report in 120 days, and that phone makers must “ensure that the pre-installed Sanchar Saathi application is readily visible and accessible to the end users at the time of first use or device setup and that its functionalities are not disabled or restricted.”
For devices that are already manufactured or ready to be sold to consumers, manufacturers and importers “shall make an endeavour to push the App through software updates,” the DoT said.
[…]
The Internet Freedom Foundation, an Indian digital rights advocacy group, said the government directive “converts every smartphone sold in India into a vessel for state mandated software that the user cannot meaningfully refuse, control, or remove. For this to work in practice, the app will almost certainly need system level or root level access, similar to carrier or OEM system apps, so that it cannot be disabled. That design choice erodes the protections that normally prevent one app from peering into the data of others, and turns Sanchar Saathi into a permanent, non-consensual point of access sitting inside the operating system of every Indian smartphone user.”
The group said that while the app is being “framed as a benign IMEI checker,” a server-side update could repurpose it to perform “client side scanning for ‘banned’ applications, flag VPN usage, correlate SIM activity, or trawl SMS logs in the name of fraud detection. Nothing in the order constrains these possibilities.”
Following backlash and concerns that the security app would broadenthe government’s access to users’ devices and erode privacy, the Indian government has backed away from its plans to force smartphone makers to preload the Sanchar Saathi app on all devices sold in the country.
“Given Sanchar Saathi’s increasing acceptance, the government has decided not to make the pre-installation mandatory for mobile manufacturers,” it said in a statement released December 3, 2025.
Previously:
