India plans to verify and record every smartphone in circulation

The Indian government is expanding its anti-theft and cybersecurity framework to include both new and used smartphones, in an effort to curb device theft and online fraud — though the move is also prompting renewed privacy concerns.

As part of this expansion, the telecom ministry will now require companies that buy or resell used devices to verify each smartphone against a centralised IMEI database. This follows a recent directive instructing phone manufacturers to preinstall the government’s Sanchar Saathi app on all new devices and push it to existing users via software updates.

Reuters first reported the development on Monday, and the ministry later confirmed it in an official statement.

Launched in 2023, the Sanchar Saathi platform enables users to trace or block stolen phones. According to government figures, the system has already blocked more than 4.2 million devices and located 2.6 million more. The program expanded earlier this year with the release of a dedicated app in January, which the government says has helped recover over 700,000 phones — including 50,000 in October alone.

Adoption of the Sanchar Saathi app has skyrocketed. The app has been downloaded nearly 15 million times, and more than 3 million users were active in November — a more than 600% rise since its launch month, according to Sensor Tower. Web traffic to the Sanchar Saathi website has also surged, with unique monthly visitors increasing by over 49% year-over-year.

Still, the government’s mandate to preinstall Sanchar Saathi has sparked significant criticism from privacy advocates, civil society groups, and political opposition. Critics argue that preinstallation increases state visibility into personal devices without adequate safeguards. The government maintains the requirement is meant to counter rising cybercrime threats, such as IMEI duplication, device cloning, fraud in the used-phone market, and identity theft.

Telecom minister Jyotiraditya M. Scindia said on Tuesday that Sanchar Saathi is “a completely voluntary and democratic system” and that users may delete the app if they prefer not to use it. However, the directive reviewed by TechCrunch instructs manufacturers to make the app “readily visible and accessible” during initial setup and to ensure its features are not disabled — leading critics to question whether the app is genuinely optional.

Deputy telecom minister Pemmasani Chandra Sekhar said in interviews that most major smartphone makers participated in the government’s working group, except Apple.

In parallel, the telecom ministry is piloting an application programming interface (API) that would allow recommerce platforms to upload customer identity information and device details directly to government systems, sources told TechCrunch. Such a system would mark a significant move toward building a nationwide record of all smartphones in circulation.

India’s used-smartphone market is expanding rapidly. With rising new-device prices and longer replacement cycles, more consumers are turning to secondhand options. India became the world’s third-largest used-smartphone market in 2024. Despite this, up to 85% of the market remains informal, with most transactions happening offline. The government’s measures currently apply only to formal recommerce channels, leaving much of the broader market untouched.

While announcing the preinstallation mandate, the government said the initiative would help users report “suspected misuse of telecom resources.” Digital rights advocates warn that such measures could give authorities unprecedented visibility into device ownership, with unclear limits on how the data could be used.

“It’s a troubling move to begin with,” said Prateek Waghre, head of programs and partnerships at Tech Global Institute. “You’re essentially looking at the potential for every single device being ‘databased’ in some form. And what that database could later be used for, we don’t know.”

The government has not disclosed how the collected data will be stored, who will access it, or what safeguards will apply as the system expands. Rights groups stress that India’s enormous smartphone base — estimated at around 700 million devices — means even administrative shifts can have far-reaching consequences that other governments might examine or emulate.

Meghna Bal, director at the Esya Centre, said that while a unified system may help combat misuse, requiring a government-controlled app on every device could limit innovation by private-sector players who have historically pioneered scalable digital safety tools. She said such systems must include independent audits, strict data governance rules, and transparent oversight to avoid compromising user privacy or undermining competition.

The proposed API also raises potential risks for recommerce firms, which could become liable if sensitive customer information is mishandled.

The telecom ministry did not respond to TechCrunch’s request for comment.

Waghre added that although users can see the Sanchar Saathi app on their devices, the backend infrastructure operates primarily out of sight. Many users may not understand what data is collected or shared due to complex terms and conditions that are often overlooked. He warned that the broader system’s reach — including data flows and API integrations — may be far greater than the public realises.

“You can’t go about restricting cybercrimes and device thefts in such a disproportionate and heavy-handed way,” Waghre said. “The government is essentially saying the app must be installed on every new device, every existing device, and every device being resold.”