Full Report
India's telecommunications ministry has reportedly asked major mobile device manufacturers to preload a government-backed cybersecurity app named Sanchar Saathi on all new phones within 90 days. According to a report from Reuters, the app cannot be deleted or disabled from users' devices. Sanchar Saathi, available on the web and via mobile apps for Android and iOS, allows users to report
Analysis Summary
# Regulation/Compliance: Mandatory Pre-installation of Sanchar Saathi Cybersecurity App
## Overview
This mandate requires mobile device manufacturers operating in India to preload a Government of India-backed cybersecurity application named Sanchar Saathi onto all new mobile devices prior to sale. The app's core purpose is to combat telecom fraud, spam, illegal telecom setups, and misuse of mobile connections, and to facilitate the tracking and blocking of stolen handsets.
## Key Details
- Issuing Authority: India's Telecommunications Ministry (Department of Telecommunications/Ministry of Communications)
- Effective Date: Mandate issued around November 28, 2025.
- Jurisdiction: Mobile device sales and distribution within India.
- Status: In Effect (Reportedly issued as a directive).
## Requirements
### Mandatory Requirements
1. **Pre-installation:** Major mobile device manufacturers must preload the Sanchar Saathi application onto **all new phones** sold in the Indian market.
2. **Non-Removability:** The Sanchar Saathi application **cannot be deleted, disabled, or uninstalled** by the end-user from their device.
3. **Supply Chain Update:** Manufacturers are required to push the application via a **software update** to devices already in the supply chain.
4. **Platform Availability:** The requirement applies to devices running major mobile operating systems (Android and iOS).
### Recommended Practices
1. **Leverage App Functionality:** Manufacturers should ensure the pre-installed app is easily accessible to users, encouraging the use of features like:
* Reporting suspected fraud, spam, and malicious web links via call, SMS, or WhatsApp.
* Blocking and tracing stolen handsets.
* Checking the number of mobile connections registered under the subscriber’s identity.
* Reporting suspicious international calls (+91 originating calls allegedly routed through illegal setups).
## Affected Organizations
- Industries: Mobile Device Manufacturing, Mobile Handset Sales and Distribution.
- Organization Size: Applies to "major mobile device manufacturers."
- Geographic Scope: Any device sold within the territory of India.
## Compliance Timeline
- **Directive Issued:** On or around November 28, 2025.
- **Initial Deadline:** Within $\mathbf{90\ days}$ of the directive for all new devices entering the market.
- **Software Update Deadline:** Requirement to update devices already in the supply chain must also be met within the 90-day window or as specified by the directive.
## Implementation Guidance
### Assessment Phase
- **Inventory Check:** Identify all new and existing (in-supply-chain) Android and iOS device models scheduled for sale in India post-directive.
- **Technical Feasibility:** Determine the necessary integration points within the device OS/firmware to ensure the app is factory-loaded or pushed via mandatory OTA updates.
### Implementation Phase
- **Software Integration:** Partner with the Ministry/Developer to procure the official Sanchar Saathi build for integration during manufacturing or post-production updates.
- **Non-Removal Validation:** Implement system controls to prevent standard user or non-privileged root access from uninstalling or disabling the application process.
- **OTA Strategy:** Develop a strategy to push the required software update to affected devices currently in transit or dealer inventory to meet compliance before sale.
### Validation Phase
- **Audit Testing:** Conduct internal audits or submit devices to regulatory bodies to confirm the app is present, functional, and non-removable on devices exiting the supply chain.
## Technical Requirements
* **Preloading:** The app must be installed at the system level to meet the "cannot be deleted or disabled" criteria, likely requiring system partition placement or deep OS integration hooks.
* **OS Agnostic:** Solutions must cater to both Android and iOS environments, potentially utilizing platform-specific deployment mechanisms (e.g., OEM customizations for Android, MDM/Provisioning profiles for iOS, if applicable).
* **Functionality:** Must support reporting mechanisms for fraud, spam, stolen device blocking, and connection checks.
## Penalties & Enforcement
The provided article does not explicitly detail the fines or specific penalty structures for non-compliance by manufacturers, but it frames the mandate as a necessity for national security and preventing financial loss to the government exchequer. Given the context of other high-stakes directives (e.g., Russia), enforcement is likely severe.
- Fines: *Not specified in the provided text.*
- Other Consequences: Potential disruption of manufacturing/sales permits, supply chain restrictions, and reputational damage associated with failing to secure national telecom infrastructure as mandated.
- Enforcement: Relies on the regulatory authority of the Telecommunications Ministry to monitor device sales and software releases. The comparison to actions taken against messaging apps in Russia suggests strong governmental oversight.
## Related Standards
- **Telecom/Cybersecurity Frameworks (Implied):** Compliance inherently ties into India's broader national cybersecurity and telecom regulatory structure (e.g., CERT-In directives, Indian Telegraph Act regulations).
- **Integration Standards:** Compliance requires adherence to specific technical guidelines issued by the Ministry regarding app signature, secure storage, and mandated integration points within the mobile OS frameworks.
## Resources
- Official Documentation: *Specific directive links are not included in the summary text.* (Reference Reuters/Ministry announcements dated November 28, 2025).
- Guidance Documents: The Sanchar Saathi portal ([sancharsaathi.gov.in](https://sancharsaathi.gov.in/)) outlines user-facing features, which manufacturers should review for integration reference.
- Tools: The existing Sanchar Saathi application itself serves as the primary compliance tool for end-users.
## Practical Recommendations
1. **Immediate Consultation:** Manufacturers must immediately engage with the Indian Telecommunications Ministry to obtain the precise technical specifications and final text of the November 28, 2025, directive.
2. **Firmware Readiness:** Prioritize the integration of the Sanchar Saathi package into current and next-generation device firmware builds targeting India.
3. **Software Rollout Plan:** Develop an agile Over-The-Air (OTA) deployment plan capable of reaching all existing stock in the supply chain within the mandated 90-day window.
4. **Transparency:** Prepare communications for consumers regarding the mandatory, non-removable status of the application, addressing potential privacy inquiries related to pre-installed software.