India faces backlash over government cyber safety app mandate

Apple plans to tell Indian officials it cannot comply with a government order requiring smartphone makers to preload a state-run “cyber safety” app on new devices, according to news reports.

Last week, New Delhi directed manufacturers — including Apple, Samsung and Xiaomi — to install the Sanchar Saathi app on all new handsets within 90 days and ensure it cannot be removed. Companies were also told to add the app to devices already in the supply chain through software updates.

In a statement on Monday, the government said Sanchar Saathi is intended to curb fraud and phone theft by letting users verify handset identifiers and report stolen devices. Opposition politicians and digital-rights groups argue the requirement would effectively give authorities access to more than 700 million smartphones and risk expanding state surveillance.

Amid the backlash, Telecom Minister Jyotiraditya Scindia said Tuesday the system was optional and denied the app could be used for monitoring. Local media quoted him as saying users are free to activate or delete it.

People familiar with Apple’s position told Reuters the company will privately inform officials it cannot comply because embedding third-party software would undermine iOS’s security architecture. They said Apple does not accept similar requirements in other countries and does not plan to challenge the order in court or issue public statements. Apple had not responded to Recorded Future News’ request for comment at the time of publication.

India is the latest government to push national digital services. Russia has been promoting a domestic messenger, Max, as it seeks to emulate China’s tightly integrated app ecosystem.

New Delhi this week also introduced tighter rules for online communication platforms. Messaging services including WhatsApp, Telegram and Signal will be required to link accounts to SIM cards used at registration — a practice known as SIM binding — and block access if that SIM is later removed. Web versions of the apps must automatically sign users out at regular intervals, at least every six hours, requiring repeated QR-code authentication.

Authorities say the measures are aimed at limiting scams carried out using inactive or foreign SIM cards. Providers must comply within 90 days and submit reports within four months.

Industry analysts warned the changes could disrupt users who rely on multiple devices or shared work phones, and questioned whether the rules would meaningfully reduce fraud. India is one of WhatsApp’s biggest markets, with roughly 500 million users, including many small businesses.

The Meta-owned service is also under pressure elsewhere. Russian regulators restricted access to WhatsApp last week, accusing it of violating domestic laws and claiming the platform had been used for criminal activity. Authorities said the service could face a full ban if it does not comply.