India has once again arrived at a digital crossroads, and this time the road ahead is paved with controversy, caution, and an uncomfortable question about the future of our freedoms. The government has ordered that every new smartphone sold in India must come pre-loaded with its state-run Sanchar Saathi cybersecurity app – a permanent resident on your device, non-removable, non-disable-able, and non-negotiable. In a nation where the mobile phone is not just a gadget but a lifeline for more than 1.2 billion people, this mandate has triggered ripples of concern across the country. The official reasoning is straightforward: India has a massive second-hand smartphone market, a flourishing ecosystem where stolen, blacklisted, and spoofed-IMEI devices often circulate freely. These duplicate or manipulated IMEIs, the government says, pose a “serious endangerment” to the cyber integrity of telecom networks. They enable criminals to hide, fraudsters to operate, and stolen devices to slip back into circulation unnoticed. And in fairness, the Sanchar Saathi app has already demonstrated utility. It has helped recover more than 700,000 lost or stolen phones – 50,000 of them in October alone, according to data cited by Reuters. It lets users check IMEI authenticity, report lost devices, flag suspicious communication attempts, and track telecom misuse. On paper, this sounds like the kind of digital shield a modern nation should embrace.
But good intentions do not erase the larger truth. When a government says an app must be forcibly embedded into a phone – permanently, visibly, and beyond the citizen’s control – it steps into territory that democracies must navigate with extreme caution. This is where cybersecurity ends, and where the anxiety of surveillance begins. The mandate raises a simple but fundamental question: if the app is beneficial, why not give citizens the ability to choose it voluntarily? Why make it impossible to delete or disable? Why convert a useful tool into an unavoidable obligation? The Supreme Court of India has already declared privacy a fundamental right. That right does not vanish just because the State believes it is acting in the public interest. Privacy is not a luxury; it is an essential pillar of a free society. Citizens do not surrender their constitutional rights simply by buying a smartphone.
Cyber experts have sounded alarms because a system-level, non-removable app is not just another application. It becomes part of the phone’s digital bloodstream. Even if the government does not intend surveillance today, the architecture enables it tomorrow. Safety is not the issue – the issue is the potential for oversight, misuse, or quiet evolution of the app’s capabilities. Citizens are right to question: What data can this app access? What data does it store? Who audits the system? Who ensures the code cannot be altered for broader monitoring in the future? Why no public consultation? Why no declaration of data safeguards? In technology, the question is never what the tool does today – it is what it can be repurposed to do in the future. This is not fearmongering. This is responsible civic scrutiny.
Meanwhile, smartphone manufacturers are scrambling. They have 90 days to re-engineer their devices, modify software builds, change production lines, and adapt packaging. Imported devices will require India-specific firmware – adding compliance costs, delays, and the possibility of manufacturers raising prices or scaling back models. The order even asks companies to attempt pushing the app into unsold inventory via software updates. This is not a minor adjustment – it is a nationwide recalibration of the smartphone ecosystem. And all of this has been announced without public debate, without industry consultations, and without transparent clarifications. When the State enforces technology decisions without engaging the stakeholders – citizens, industry, and experts – it builds suspicion, not trust.
The intention behind Sanchar Saathi is not wrong. India does need strong digital safeguards. The IMEI fraud market must be crushed. Cybercriminals must not be allowed to exploit loopholes in telecom tracking. But a secure nation does not require its citizens to feel watched. Cybersecurity should not become cyber-compulsion. A nation of more than a billion people cannot be treated like a classroom of students who must accept whatever rules are suddenly introduced. Good governance is rooted in persuasion, not imposition. A democracy must never forget that the citizen is the primary stakeholder – not a passive recipient of unilateral directives.
There were several alternative approaches. The government could have made Sanchar Saathi optional but strongly recommended. It could have offered incentives – like faster issue resolution, telecom benefits, or priority support – to users who voluntarily enabled it. It could have launched an education campaign explaining the risks of counterfeit IMEI devices. It could have engaged cyber experts to design a better IMEI verification ecosystem. It could have asked manufacturers to pre-install the app but allow users the right to uninstall. It could have protected both security and choice.
Instead, by making the app mandatory and immovable, the government has created unnecessary friction around what could have been a genuinely useful national tool. It has turned a security measure into a debate about digital freedom. It has replaced trust with apprehension. And it has opened the door to the one fear Indians never want to entertain: the possibility that their phone – an extension of their identity – may no longer be entirely theirs.
India needs cybersecurity, yes. But India also needs to preserve the dignity and autonomy of its citizens in the digital age. Cyber threats are real, but so is the creeping danger of normalised surveillance. A safe India must also remain a free India. Sanchar Saathi should be an ally – chosen willingly – not a forced companion embedded into the pocket of every citizen. Cybersecurity must shield the people, not shadow them.
