India has ordered all new smartphones to come pre-loaded with a non-removable, state-run cybersecurity app, sparking privacy concerns.
Under the order – passed last week but made public on Monday – smartphone makers have 90 days to ensure all new devices come with the government’s Sanchar Saathi app.
It says this is necessary to help citizens verify the authenticity of a handset and report the suspected misuse of telecom resources.
The move – which comes in one of the world’s largest phone markets, with more than 1.2 billion mobile users – has been criticised by cyber experts, who say it breaches citizens’ right to privacy.
Launched in January, the Sanchar Saathi app allows users to check a device’s IMEI, report lost or stolen phones and flag suspected fraud communications.
An IMEI – the International Mobile Equipment Identity – is a unique 15-digit code that identifies and authenticates a mobile device on cellular networks. The code is essentially the phone’s serial number.
In a statement, India’s Department of Telecommunications said that mobile handsets with duplicate or spoofed IMEI numbers pose “serious endangerment” to telecom cyber security.
“India has big second-hand mobile device market. Cases have also been observed where stolen or blacklisted devices are being re-sold,” it said, adding that this makes the purchaser an “abetter in crime and causes financial loss to them”.
Under the new rules, the pre-installed app must be “readily visible and accessible” to users when they set up a device and its functionalities cannot be disabled or restricted.
Smartphone makers must also “make an endeavour” to provide the app through software updates for devices that are out of factories but haven’t been sold yet, the statement said.
All companies have been asked to give compliance reports on the order in 120 days.
