India mandates all cellphone makers to pre-install the “Sanchar Saathi” cybersecurity app within 90 days, allowing users to uninstall it if desired.
All cellphone makers and importers must pre-install the cybersecurity “Sanchar Saathi” app on handsets for sale in India within 90 days, an official directive from the Department of Telecommunications (DoT) said.
A DoT official confirmed the directive and said users can uninstall the app if they want. Media reports initially said the directive had restricted uninstallation of the app.
The app allows users to verify their cellphone’s International Mobile Equipment Identity (IMEI) number – a unique ID that helps identify devices–as well as report the misuse of such numbers. Officials said the app was essential to combat “serious endangerment” of telecom cyber security from duplicate or spoofed IMEI numbers, which enable scams and network misuse.
Another DoT official, who asked not to be named, said the app will make it easier to report fraud.
“Right now, reporting time varies because users have to go to the website to report fraud or stolen mobile phones,” said the official.
According to the directive, issued on November 28, all original equipment manufacturers (OEMs) and importers have 90 days to install the app across their cellphone lineup, and a further 30 days to file a compliance report with DoT.
Manufacturers will be required to push out software updates with the app for all devices already manufactured, sold, or within supply chain cycles.
Several companies, including Apple, Oppo, Xiaomi and Samsung, did not respond to requests for comment on the order
The directive, which HT has seen, said the app “must be visible at first use” – a user must be able to see the app when they first turn on their new device – and that “its functionalities cannot be disabled”. Officials clarified that the confusion over uninstalling the app may have stemmed from the latter clause.
“There is a misconception being circulated that the app cannot be deleted. This is baseless,” said the first DoT official cited above.
The app’s functionalities cannot be disabled when it is on a user’s phone. To disable those functions, the app itself must be uninstalled, clarified the DoT official.
Users will also need to register on the Sanchaar Sathi app before it can be used. The app will not require OTP verification. “This saves time and in fraud cases, even a few seconds matter,” said the second official.
The order, issued under the Telecommunications (Telecom Cyber Security) Rules, 2024, said that the app has been instituted as a digital mechanism to “identify and report acts that may endanger telecom cyber security” and “enables stakeholders to report IMEI related suspicious misuse and also to verify authenticity of IMEIs used in mobile devices.”
When asked how users would report a lost phone if the app is on the device itself, the first DoT official cited said the web portal is “advanced enough” that users do not need to remember their IMEI number.
In a separate order on November 28, DoT had ordered major app-based communication services, including WhatsApp, Telegram and Snapchat, to ensure their apps are used only in devices with an active SIM card linked to the user’s mobile number.
That order also said that the web platforms of these apps, such as WhatsApp Web, must log out users automatically every six hours, after which users will need to re-link their device via a QR code.
The government, in a statement on Monday, said the directions were “essential to plug a concrete security gap” that cybercriminals are exploiting to run large-scale, often cross-border, digital frauds.
“Accounts on instant messaging and calling apps continue to work even after the associated SIM is removed, deactivated or moved abroad, enabling anonymous scams, remote `digital arrest’ frauds and government-impersonation calls using Indian numbers,” the release said.
