India mandates all new smartphones be loaded with an untraceable, state-run cybersecurity app, sparking privacy concerns.
Under the order – passed last week but announced on Monday – 90 days to secure all new devices Sachar Saathi app.
It says it is necessary to help citizens verify the authenticity of a handset and report suspected misuse of telecom resources.
The move – which comes in one of the largest phone markets in the world, with more than 1.2 billion mobile users – has been criticized by cyber experts, who say it prioritizes privacy over privacy.
Launched in January, the Sanchar Saathi app allows users to check IMEI, report lost or stolen phones and flag suspicious communications for research.
An IMEI – The International Mobile Equipment Identity – is a unique 15-digit code that identifies and authenticates a mobile device on a cellular network. The code is essentially the phone’s serial number.
In a statement, India’s Department of Telecommunications said mobile handsets with duplicate or duplicate IMEI numbers pose a “serious concern.
“India has a large market of Mobile Devices in Mobile. Cases have also been found when stolen or blacklisted devices are also sold,” further loss of compensation for the disability of them “.
Under the new rules, the pre-installed app must be “readily visible and accessible” to users when they set up a device and cannot be blocked.
Smartphone makers should also “make an effort” to provide apps through software updates for devices that are not sold, it said.
All companies are asked to provide responses to the order reports in 120 days.
The government said the move will strengthen telecom cybers. A router reported official figures, saying the app has helped recover more than 700,000 lost phones – including 50,000 in October alone.
But experts say the app’s broad permissions raise concerns about how much data can be collected, broadening the scope for monitoring.
“In simple terms, these converts sold in India in a ship for the order software of the state that does not meaningfully refuse, or get,” controkase group of Internet Freedom Felactom Foraker Foundation.
The scheme – which makes the app impossible to disable – also undermines safeguards that would normally stop an app from accessing others’ data, the group said.
This, it adds, effectively turns the app into “a permanent, non-consulting access point sitting inside the operating smartphone.”
Technology analyst and writer Prasanto K Roy says the biggest concern is about how much access an app ultimately allows on the handset.
“We can’t see exactly what it’s doing, but we can see that it’s asking for a lot of permissions — potentially accessing everything from the flashlight to the camera.
On Google’s Play Store, the app says it doesn’t collect or share any user data. The BBC has reached out to the Department of Telecommunications with questions about the app and privacy concerns related to it.
Mr Roy added that compliance would be difficult, as the order goes against the policies of most handset makers, including Apple.
“Most companies prohibit the installation of any government or third-party app before selling a smartphone,” he said.
While India’s smartphone market is dominated by Android, Apple’s iOS will have an estimated 4.5% of the country’s 735 million smartphones by mid-2025, according to counternt research.
“Apple has historically refused such requests from governments,” Tarun Pathak, a director of research at Counternt, told Reuters.
Apple has not commented publicly, but Reuters reports that it will not comply and will “communicate Delhi’s concerns.”
India is not the only country to restrict device verification rules.
In August, Russia ordered all phones and tablets sold in the country to be installed with the State-backed Max Messenger, highlighting similar privacy and surveillance concerns.
Follow BBC News India on Instagram, YouTube, Twitter and FICKOK.