India Cancels Mandatory Cybersecurity App Requirement for Smartphones

The Indian government has revoked its directive requiring smartphone manufacturers to preload a state-run cybersecurity application, following significant backlash from opposition leaders and privacy advocates. On December 3, 2023, the Ministry of Communications announced that the pre-installation of the app, known as Sanchar Saathi (Communication Partner), would no longer be mandatory for companies like Apple, Samsung, and Xiaomi.

The initial order, which was reportedly issued confidentially, mandated that these manufacturers include the app within 90 days. However, the plan quickly faced criticism, with many citing concerns over potential surveillance and privacy violations. The government defended the app, asserting it was intended to help track stolen phones and prevent their misuse. Despite this, opposition from political parties and public figures escalated, prompting the government to reconsider its position.

In a press statement, the Ministry clarified, “The government has decided not to make the pre-installation mandatory for mobile manufacturers.” This statement came after a series of protests and debates, where critics pointed to the risks associated with a non-removable app potentially containing backdoor access to users’ data. Senior Congress leader Randeep Singh Surjewala emphasized the necessity for transparency regarding the government’s legal authority to enforce such a mandate, calling for a parliamentary debate on privacy and security issues.

The controversy surrounding the app garnered significant media attention, with various newspaper editorials joining privacy advocates in denouncing the government’s approach. Industry sources indicated that major smartphone manufacturers, including Apple and Samsung, were already planning to defy the directive, further complicating the government’s efforts.

The app’s introduction had raised alarms due to its lack of precedents in democratic nations, with Russia cited as a similar example. In August, Moscow mandated the pre-installation of a state-backed messaging application called MAX on all mobile devices, which critics argue could be used to monitor users.

Despite the backlash, the Indian government claimed the app was secure and designed to protect citizens from cyber threats. They noted a 13 percent increase in daily downloads of Sanchar Saathi, reaching 78,000 downloads on the day prior to the announcement.

Prime Minister Narendra Modi has faced scrutiny over privacy issues in the past. His government was criticized for implementing a mandatory COVID-19 contact-tracing app in 2020, which was later revised to a voluntary request following public outcry.

The revocation of the mandatory pre-installation requirement marks a significant turn in the Indian government’s approach to cybersecurity and privacy, reflecting the growing influence of public opinion and advocacy groups on policy decisions.