India Mandates Pre-Installation of Sanchar Saathi Cybersecurity App on Smartphones
India's telecommunications ministry has issued a directive requiring all major smartphone manufacturers, including Apple, Samsung, Vivo, Oppo, and Xiaomi, to preload a government-backed cybersecurity app called Sanchar Saathi on all new devices within 90 days. The app, which cannot be deleted or disabled by users, is designed to combat telecom fraud, spam, and malicious activity by allowing users to report suspicious calls, block stolen handsets, and monitor the number of mobile connections registered in their name. The government order also mandates that devices already in the supply chain receive the app via a software update, raising concerns among industry players and privacy advocates about the lack of prior consultation and potential privacy implications.
Sanchar Saathi has already been installed over 11.4 million times and has played a significant role in blocking more than 4.2 million lost devices and recovering over 700,000 phones since its launch. The app's features include the ability to report international calls spoofed as domestic, helping authorities crack down on illegal telecom exchanges that facilitate scams and pose national security risks. The move underscores India's efforts to strengthen telecom cybersecurity amid a rapidly growing mobile user base exceeding 1.2 billion subscribers, but it also places the country alongside others like Russia in mandating pre-installed government software on consumer devices.
Sources
5 more from sources like register security, the record media, security online info, reuters and the hacker news
Related Stories
India Reverses Mandate for Preinstalled State-Run Cyber Safety App on Smartphones
The Indian government has withdrawn a directive that would have required all smartphone manufacturers to preinstall the state-run Sanchar Saathi cyber safety app on new devices, following significant pushback from major industry players and privacy advocates. The original order, issued confidentially, mandated that the app be integrated into device firmware and not removable by users, raising concerns about user privacy, device security, and the precedent of government-mandated software on consumer electronics. Apple and Samsung, in particular, led the resistance, arguing that such requirements could introduce vulnerabilities and undermine user trust, with Apple reportedly refusing to comply in any market. The swift policy reversal was confirmed by India’s telecoms ministry just days after the initial reports surfaced, ending a brief but intense standoff between the government and global handset makers. The episode highlights ongoing tensions between regulatory efforts to enhance cybersecurity and the tech industry’s insistence on user autonomy and secure device ecosystems. The withdrawal of the mandate is seen as a victory for privacy advocates and sets a precedent for future government-technology industry interactions in India.
3 months agoIndia Mandates SIM-Binding and Frequent Re-Verification for Messaging Apps to Combat Fraud
The Indian government has introduced new regulations requiring messaging apps such as WhatsApp, Telegram, Signal, and Snapchat to operate only with active SIM cards linked to users’ phone numbers. This move is intended to curb the rising incidents of cyber fraud and misuse, particularly those perpetrated from outside the country using Indian mobile numbers. Under the new rules, web and desktop sessions must automatically log out within six hours, and users will be required to re-verify their accounts frequently. Messaging app providers have 90 days to implement these changes and 120 days to report compliance, as part of an amendment to the 2024 Telecom Cyber Security Rules. The Department of Telecommunications (DoT) stated that the previous ability to maintain long-lived sessions without an active SIM was being exploited for large-scale, cross-border scams, phishing, and other fraudulent activities. By enforcing SIM-binding and frequent re-verification, authorities aim to close this security loophole and make it more difficult for criminals to operate anonymously or from abroad using Indian identifiers. The new measures are a direct response to the increasing sophistication of cybercriminals targeting Indian users through messaging platforms.
3 months ago
India Expands Digital Identity Use Amid Security and Privacy Concerns
Indian officials and agencies are pushing to broaden the use of digital identity in both public and private contexts, while explicitly raising cybersecurity and accountability concerns. In Hyderabad, Police Commissioner **V.C. Sajjanar** publicly argued that autonomous **AI agents** operating in critical sectors (e.g., banks, hospitals, power grids) should be issued a verifiable *digital identity* and be subject to strong **logging and traceability** so investigators can determine “which agent opened which file,” what changes were made, and where data was sent—framing the need as a safeguard against errors and the risk of **cybercriminals hijacking agent behavior**. Separately, India’s **UIDAI** is expanding **Aadhaar** into more day-to-day use via a new Aadhaar app and an **offline verification** framework intended to reduce reliance on real-time checks against the central database, while enabling *selective disclosure* (e.g., proving age without sharing full birthdate). The initiative also extends Aadhaar into consumer ecosystems (including planned **Google Wallet** integration and discussions with **Apple Wallet**) and into operational deployments such as policing and hospitality—e.g., Ahmedabad City Crime Branch integrating Aadhaar-based offline verification with the **PATHIK** guest-monitoring platform—prompting critics to reiterate concerns about **security, consent, and privacy** as Aadhaar’s footprint grows.
1 months ago