India's Department of Telecommunications (DoT) has reportedly issued a directive requiring every smartphone manufacturer selling devices in India — Apple, Samsung, Xiaomi, Vivo, Oppo and the rest — to pre-install the government's Sanchar Saathi anti-fraud and stolen-phone-tracking application within 90 days, and to ensure that users cannot uninstall it. The order, surfaced in late April 2026, marks the most aggressive forced-install mandate India has imposed on the mobile sector to date.
The policy goal is legitimate. Mobile-enabled financial fraud, SIM-swap scams and stolen-handset trafficking are genuine harms in a country with well over a billion mobile subscribers. The Sanchar Saathi portal, launched by the DoT in 2023, integrates the Central Equipment Identity Register (CEIR) for tracking lost or stolen devices, the TAFCOP tool that lets users see how many SIMs are issued in their name, and a Chakshu module for reporting suspected fraud communications. These are useful services. The question is not whether the government should fight phone fraud — it should — but whether forced pre-installation is the proportionate way to do it.
What the Directive Actually Demands
According to the reported text of the order, OEMs must:
- Ship Sanchar Saathi pre-installed on every device sold in India within 90 days of the directive;
- Make the application non-removable through standard user controls;
- Surface the app prominently on first-boot setup flows; and
- Confirm compliance to the DoT before continued device certification.
That last condition is the teeth. Type-approval and import clearance for mobile handsets run through DoT-affiliated bodies, so non-compliance is not a theoretical risk — it is a market-access risk.
Three Problems With Forced Pre-Install
1. It conflates a useful service with a privileged piece of system software. A user who wants Sanchar Saathi can already download it from the Play Store or App Store. A user who does not want it gains nothing by having it pre-installed and locked. The marginal user the mandate captures is precisely the user who has not chosen to install it — which is, by definition, a non-consensual relationship between citizen and state app.
2. Non-removability is a category error. Android and iOS have spent a decade building permissioned, sandboxed app models that let users grant or revoke access to location, contacts, calls and SMS. A non-removable government app sits awkwardly inside that model. Even if Sanchar Saathi's current build is well-behaved, future updates ship under the same elevated trust assumption — and users have no exit. The European Commission's 2024 enforcement work under the Digital Markets Act has pushed in the opposite direction, requiring gatekeepers to allow uninstallation of pre-loaded apps. India is moving against that grain.
3. The privacy framework is not ready. India's Digital Personal Data Protection Act, 2023 establishes purpose limitation, data minimisation and a Data Protection Board, but the implementing rules are still being finalised and the Board is not yet fully operational. Mandating a government app with potential access to IMEI, device identifiers, call metadata and location — without a functioning independent regulator to police misuse — inverts the sequencing that the DPDP Act itself contemplates.
The Aarogya Setu Lesson
India has been here before. During COVID-19, the Aarogya Setu contact-tracing app was effectively required for office entry, train travel and certain government services. A Kerala High Court petition and parliamentary committee scrutiny eventually forced clarifications on data retention, source-code disclosure and the legal basis for the app. The episode established a soft norm: government apps should be available, sometimes encouraged, but not compelled. The Sanchar Saathi directive walks back that norm.
Pre-installation is not neutral plumbing — it is editorial control over what runs on a billion private devices.
What Proportionate Regulation Looks Like
There is a less invasive path that achieves the same policy goal:
- Promote, don't pre-install. Require OEMs to surface Sanchar Saathi in setup flows as a prominent optional install, alongside a plain-language description of what it does. Adoption from a well-designed prompt is typically high.
- Mandate the capability, not the app. The genuinely critical function — IMEI blocking of stolen handsets — can be done at the network and CEIR backend level without any client-side app at all. Operators already do most of this work.
- Sunset and audit. Any pre-install obligation, if retained, should carry a statutory sunset, an annual transparency report, and Data Protection Board oversight once the DPDP regime is fully operational.
- Preserve uninstallability. Users who decline the app should not be punished by a locked icon on their home screen for the life of the device.
Why This Matters Beyond India
India is the world's second-largest smartphone market and a bellwether for digital regulation across the Global South. If New Delhi normalises non-removable state apps as a condition of market access, expect copycat mandates from Jakarta to Lagos. Apple and Samsung will comply — the Indian market is too large to walk away from — but the precedent ripples outward. Western governments that have spent years criticising forced-install requirements in other jurisdictions will find their arguments harder to make.
Anti-fraud is a worthy cause. Forced installation is a heavy instrument. India can have the first without resorting to the second, and a democracy with India's institutional depth should aim higher than treating every citizen's phone as government-administered hardware. The 90-day clock is running. There is still time for the DoT to revise the order toward the lighter, opt-in design that the problem actually warrants.