The Indian government is widening the scope of its anti-theft and cybersecurity initiative to cover both new and used smartphones, an effort aimed at curbing device theft and online fraud but a move that is also raising fresh privacy concerns.
As part of the expansion, the Indian telecom ministry is requiring companies that buy or trade used phones to verify every device through a central database of IMEI numbers. This comes in addition to a recent directive ordering smartphone manufacturers to preinstall the government’s Sanchar Saathi app on all new handsets and push it onto existing devices through a software update.
Reuters first reported the news on Monday, which was later confirmed by the ministry in a public statement.
Launched in 2023, the Sanchar Saathi portal allows users to block or trace lost and stolen phones. The system has blocked more than 4.2 million devices and traced 2.6 million more devices, per government data. The system expanded earlier this year with the release of a dedicated Sanchar Saathi app in January, which the government says helped recover more than 700,000 phones, including 50,000 in October alone.
The Sanchar Saathi app has since gained broad adoption. The app has been downloaded nearly 15 million times and saw more than three million monthly active users in November — up more than 600% from its launch month, according to marketing intelligence firm Sensor Tower. Web traffic to Sanchar Saathi has also surged, with monthly unique visitors rising by more than 49% year-over-year, per Sensor Tower data shared with TechCrunch.
The government’s order to pre-install Sanchar Saathi has already drawn significant backlash from privacy advocates, civil society groups, and opposition parties. Critics argue the move expands state visibility into personal devices without adequate safeguards. The Indian government, however, says the mandate is intended to address rising cases of cybercrime, such as IMEI duplication, device cloning, fraud in the second-hand smartphone market, and identity theft scams.
Responding to the controversy, telecom minister Jyotiraditya M. Scindia said on Tuesday that Sanchar Saathi is “a completely voluntary and democratic system” and that users can delete the app if they do not wish to use it. The directive reviewed by TechCrunch — and circulating on social media on Monday — instructs manufacturers to ensure the pre-installed app is “readily visible and accessible to end users at the time of first use or device setup” and that “its functionalities are not disabled or restricted,” raising questions about whether the app is truly optional in practice.
Techcrunch event
San Francisco
|
October 13-15, 2026
Deputy telecom minister Pemmasani Chandra Sekhar said in media interviews that most major manufacturers were included in the government’s working group on the initiative, though Apple did not participate.
Alongside pushing the Sanchar Saathi app, the telecom ministry is piloting an application program interface — or API — that would allow recommerce and trade-in platforms to upload customer identities and device details directly to the government, two people familiar with the matter told TechCrunch. The move would mark a significant step toward creating a nationwide record of smartphones in circulation.
India’s used-smartphone segment is expanding rapidly as rising prices of new devices and longer replacement cycles push more consumers toward cheaper alternatives. India became the world’s third-largest market for second-hand smartphones in 2024.
But as much as 85% of the second-hand phone sector remains unorganized, meaning most transactions occur through informal channels and through brick-and-mortar stores. The government’s move covers only formal recommerce and trade-in platforms, leaving much of the broader used-device market outside the scope of the current measures.
While announcing the pre-installation of its app, the Indian government said the move would help enable “easy reporting of suspected misuse of telecom resources.” Privacy advocates say that the growing data flows could give authorities unprecedented visibility into device ownership — raising concerns over how the information could be used or misused.
“It’s a troubling move to begin with,” said Prateek Waghre, head of programs and partnerships of Toronto-based nonprofit policy lab, Tech Global Institute, told TechCrunch. “You’re essentially looking at the potential for every single device being ‘databased’ in some form. And then what uses their database can be put to it at a later date, we don’t know.”
The Indian government has not yet detailed how the collected data will be stored, who will have access to it, or what safeguards will apply as the system expands. Digital rights groups say the sheer scale of India’s smartphone base — estimated at some 700 million devices — means even administrative changes can have outsized consequences, potentially setting precedents that other governments may study or replicate.
“While the intent behind a unified platform may be protection, mandating a single government-controlled application risks stifling innovation particularly from private players and startups who have historically driven secure, scalable digital solutions,” said Meghna Bal, director at New Delhi-based technology think tank, Esya Centre.
“If the government intends to build such systems, they must be backed by independent audits, strong data governance safeguards, and transparent accountability measures. Otherwise, the model not only puts user privacy at stake, but also removes fair opportunity for the ecosystem to contribute and innovate,” said Bal.
The planned API also raises concerns for recommerce firms, which could face liability if sensitive customer information is mishandled.
The Indian telecom ministry did not respond to TechCrunch’s request for comment.
Waghre noted that while the Sanchar Saathi app is visible on a user’s phone, the broader system it connects to operates largely out of sight. The permissions, data flows, and backend changes, including the planned API integration, may be buried in long-term-and-conditions documents that most people never read, he said. As a result, users may have little practical understanding of what information is being collected, how it is shared or the extent of the system’s reach.
“You can’t go about restricting cybercrimes and device thefts in such a disproportionate and heavy-handed way,” said Waghre.
“The government is basically saying that, look, you need to put my app on every device that is sold, on every existing device, you have to install it, and in anything that’s being resold as well,” he said.
