The Indian authorities is widening the scope of its anti-theft and cybersecurity initiative to cowl each new and used smartphones, an effort aimed toward curbing machine theft and on-line fraud however a transfer that can be elevating contemporary privateness considerations.

As a part of the enlargement, the Indian telecom ministry is requiring firms that purchase or commerce used telephones to confirm each machine by a central database of IMEI numbers. This comes along with a current directive ordering smartphone producers to preinstall the federal government’s Sanchar Saathi app on all new handsets and push it onto present gadgets by a software program replace.

Reuters first reported the information on Monday, which was later confirmed by the ministry in a public assertion.

Launched in 2023, the Sanchar Saathi portal permits customers to dam or hint misplaced and stolen telephones. The system has blocked greater than 4.2 million gadgets and traced 2.6 million extra gadgets, per authorities knowledge. The system expanded earlier this yr with the release of a devoted Sanchar Saathi app in January, which the federal government says helped get well greater than 700,000 telephones, together with 50,000 in October alone.

The Sanchar Saathi app has since gained broad adoption. The app has been downloaded almost 15 million occasions and noticed greater than three million month-to-month energetic customers in November — up greater than 600% from its launch month, in response to advertising and marketing intelligence agency Sensor Tower. Net site visitors to Sanchar Saathi has additionally surged, with month-to-month distinctive guests rising by greater than 49% year-over-year, per Sensor Tower knowledge shared with TechCrunch.

The federal government’s order to pre-install Sanchar Saathi has already drawn vital backlash from privateness advocates, civil society teams, and opposition events. Critics argue the transfer expands state visibility into personal devices with out sufficient safeguards. The Indian authorities, nevertheless, says the mandate is meant to handle rising instances of cybercrime, akin to IMEI duplication, machine cloning, fraud within the second-hand smartphone market, and identification theft scams.

Responding to the controversy, telecom minister Jyotiraditya M. Scindia stated on Tuesday that Sanchar Saathi is “a totally voluntary and democratic system” and that customers can delete the app if they don’t want to use it. The directive reviewed by TechCrunch — and circulating on social media on Monday — instructs producers to make sure the pre-installed app is “readily seen and accessible to finish customers on the time of first use or machine setup” and that “its functionalities usually are not disabled or restricted,” elevating questions on whether or not the app is actually non-obligatory in apply.

Deputy telecom minister Pemmasani Chandra Sekhar said in media interviews that almost all main producers have been included within the authorities’s working group on the initiative, although Apple didn’t take part.

Alongside pushing the Sanchar Saathi app, the telecom ministry is piloting an software program interface — or API — that will permit recommerce and trade-in platforms to add buyer identities and machine particulars on to the federal government, two folks acquainted with the matter instructed TechCrunch. The transfer would mark a major step towards making a nationwide report of smartphones in circulation.

India’s used-smartphone phase is increasing quickly as rising costs of recent gadgets and longer substitute cycles push extra customers towards cheaper options. India became the world’s third-largest market for second-hand smartphones in 2024.

However as a lot as 85% of the second-hand telephone sector stays unorganized, which means most transactions happen by casual channels and thru brick-and-mortar shops. The federal government’s transfer covers solely formal recommerce and trade-in platforms, leaving a lot of the broader used-device market exterior the scope of the present measures.

Whereas asserting the pre-installation of its app, the Indian authorities stated the transfer would assist allow “straightforward reporting of suspected misuse of telecom sources.” Privateness advocates say that the rising knowledge flows may give authorities unprecedented visibility into machine possession — elevating considerations over how the data might be used or misused.

“It’s a troubling transfer to start with,” stated Prateek Waghre, head of packages and partnerships of Toronto-based nonprofit coverage lab, Tech World Institute, instructed TechCrunch. “You’re basically wanting on the potential for each single machine being ‘databased’ in some type. After which what makes use of their database could be put to it at a later date, we don’t know.”

The Indian authorities has not but detailed how the collected knowledge will probably be saved, who can have entry to it, or what safeguards will apply because the system expands. Digital rights teams say the sheer scale of India’s smartphone base — estimated at some 700 million gadgets — means even administrative adjustments can have outsized penalties, probably setting precedents that different governments might research or replicate.

“Whereas the intent behind a unified platform could also be safety, mandating a single government-controlled software dangers stifling innovation significantly from non-public gamers and startups who’ve traditionally pushed safe, scalable digital options,” stated Meghna Bal, director at New Delhi-based know-how suppose tank, Esya Centre.

“If the federal government intends to construct such techniques, they should be backed by unbiased audits, robust knowledge governance safeguards, and clear accountability measures. In any other case, the mannequin not solely places consumer privateness at stake, but in addition removes truthful alternative for the ecosystem to contribute and innovate,” stated Bal.

The deliberate API additionally raises considerations for recommerce corporations, which may face legal responsibility if delicate buyer info is mishandled.

The Indian telecom ministry didn’t reply to TechCrunch’s request for remark.

Waghre famous that whereas the Sanchar Saathi app is seen on a consumer’s telephone, the broader system it connects to operates largely out of sight. The permissions, knowledge flows, and backend adjustments, together with the deliberate API integration, could also be buried in long-term-and-conditions paperwork that most individuals by no means learn, he stated. Consequently, customers might have little sensible understanding of what info is being collected, how it’s shared or the extent of the system’s attain.

“You may’t go about limiting cybercrimes and machine thefts in such a disproportionate and heavy-handed approach,” stated Waghre.

“The federal government is principally saying that, look, you have to put my app on each machine that’s bought, on each present machine, you must set up it, and in something that’s being resold as properly,” he stated.