India’s telecommunications ministry has reportedly ordered mobile device manufacturers to pre-install the government-backed Sanchar Saathi cybersecurity app on all new phones within 90 days, and to push it via software updates to devices already in the supply chain, mapped loosely to MITRE ATT&CK mitigations around M1017 (User Training) and M1032 (Multi-factor Authentication). According to Reuters reporting cited by The Hacker News, the app cannot be deleted or disabled, effectively making it a permanent system component. Sanchar Saathi allows users to report suspected fraud, spam, and malicious links received via calls, SMS, or WhatsApp; block stolen handsets; and check the number of mobile connections registered to their identity, including reporting international calls spoofed with India’s +91 country code. Since its launch in May 2023, the platform has reportedly blocked more than 4.2 million lost devices, traced 2.6 million of them, and recovered about 723,000 devices, with over 11.4 million app installs concentrated in states such as Andhra Pradesh and Maharashtra. The new directive aims to tackle issues like spoofed IMEI numbers and illegal telecom gateways used to route fraudulent calls into India while appearing as domestic numbers, which pose both financial and national security risks. The move aligns India with other countries, such as Russia, that mandate pre-installed security or messaging apps, raising debates about privacy, government access, and vendor control over devices. From a business and policy perspective, the mandate increases compliance obligations for handset manufacturers and potentially for mobile operators who may need to integrate with Sanchar Saathi’s infrastructure for blocking and tracing devices. It also raises concerns for privacy advocates and enterprises about device-level surveillance, data access, and the risks of a non-removable government app being exploited or misused, especially on BYOD endpoints used for corporate access. Organizations operating in India should factor Sanchar Saathi into their mobile security and privacy assessments, including how its presence interacts with enterprise mobile management policies and data-protection obligations. Vendors should clarify what data the app collects, retention policies, and how reports and device-blocking actions are authenticated to prevent abuse. As similar mandates emerge globally, security and legal teams must track how mandatory government apps affect device trust models, encryption policies, and cross-border data flows.
🎯CORTEX Protocol Intelligence Assessment
Business Impact: India’s Sanchar Saathi pre-installation mandate changes the baseline software stack for new smartphones, affecting OEMs, mobile operators, and enterprises that rely on mobile devices for work. While the app may reduce telecom fraud and device theft, it also introduces regulatory and privacy considerations, including potential user concerns and the need to assess how a non-removable government app interacts with corporate data and BYOD programs. Technical Context: Sanchar Saathi functions as an anti-fraud and device management tool that enables reporting of scam calls, blocking of stolen handsets, and IMEI-based tracing, effectively adding a state-backed security layer into the mobile ecosystem. The inability to uninstall or disable the app and its central role in telecom fraud reporting require careful evaluation of access controls, data flows, and potential attack surfaces associated with a widely deployed, privileged application.
⚡Strategic Intelligence Guidance
- Mobile device manufacturers and distributors serving the Indian market should update build and provisioning processes to include Sanchar Saathi, ensuring compliance with the 90-day pre-installation timeline.
- Enterprises with employees in India should review mobile device policies and MDM configurations to account for the mandatory app, assessing privacy, monitoring, and potential conflicts with corporate security tooling.
- Security and legal teams should request detailed documentation on Sanchar Saathi’s data collection, retention, and access controls to evaluate risks to user privacy and corporate information on BYOD devices.
- Telecom operators and large organizations should monitor the effectiveness of Sanchar Saathi for fraud reduction and participate in multi-stakeholder discussions about balancing security benefits with privacy and civil liberties.
Vendors
Sanchar SaathiGovernment of India
Threats
telecom fraudIMEI spoofingillegal telecom gateways
Targets
Indian mobile subscribersmobile device manufacturerstelecom operators