India plans to verify and register every smartphone in circulation

The Indian government is expanding its anti-theft and cybersecurity initiative to include new and used smartphones, an effort aimed at reducing device theft and online fraud, but a move that also raises new privacy concerns.

As part of the expansion, India’s Ministry of Telecommunications is requiring companies that buy or trade in used phones to verify each device through a central database of IMEI numbers. This comes in addition to the recent directive requiring smartphone manufacturers to pre-install the government’s Sanchar Saathi app on all new phones and push it to existing devices through a software update.

Reuters Reported for the first time News on Monday, which was later certain By the Ministry in a public statement.

It was launched in 2023Sanchar Saathi portal allows users to block or track lost and stolen phones. The system has blocked more than 4.2 million devices and tracked another 2.6 million, according to government data. The system was expanded earlier this year with He releases From the dedicated Sanchar Saathi app in January, which the government says has helped recover more than 700,000 phones, including 50,000 in October alone.

The Sanchar Saathi app has since gained widespread adoption. The app has been downloaded nearly 15 million times and saw more than three million monthly active users in November — an increase of more than 600% from the month of its launch, according to marketing intelligence firm Sensor Tower. Web traffic to Sanchar Saathi has also been up, with the number of monthly unique visitors up more than 49% year over year, according to Sensor Tower data shared with TechCrunch.

The government’s order to pre-install Sanchar Sathi has drawn backlash from privacy advocates, civil society groups and opposition parties. Critics dispute the move Extends status visibility to personal devices Without sufficient guarantees. However, the Indian government says the mandate is aimed at addressing rising cases of cybercrimes, such as IMEI cloning, device cloning, fraud in the used smartphone market, and identity theft scams.

Responding to the controversySanchar Sathi is a “completely voluntary and democratic system” and users can delete the app if they do not want to use it, Communications Minister Jyotiraditya M Scindia said on Tuesday. The guidance reviewed by TechCrunch — which circulated on social media on Monday — directs manufacturers to ensure that a pre-installed app is “readily visible and accessible to end users at the time of first use or device setup” and that its “functionality is not disabled or restricted,” raising questions about whether the app is truly optional in practice.

Deputy Communications Minister Bimasani Chandrasekhar He said In media interviews, most major manufacturers were included in the government’s working group on the initiative, although Apple was not involved.

Besides the Sanchar Saathi app push, the telecom ministry is piloting an application program interface — or API — that would allow re-commerce and commerce platforms to upload customer identities and device details directly to the government, two people familiar with the matter told TechCrunch. This move will represent an important step towards establishing a national registry of smartphones in circulation.

The used smartphone sector in India is expanding rapidly, as rising prices of new devices and longer replacement cycles push more consumers towards cheaper alternatives. India It has become the third largest market in the world For used smartphones in 2024.

But up to 85% of the used phone sector remains unorganized, meaning that most transactions take place through informal channels and through physical stores. The government’s move only covers official re-commerce and trade-in platforms, leaving a large part of the wider used device market outside the scope of the current measures.

While announcing the pre-installation of its app, the Indian government said the move will help enable “easy reporting of suspected misuse of telecom resources.” Privacy advocates say increased data flows could give authorities unprecedented visibility into device ownership, raising concerns about how the information is being used or misused.

“It’s a worrying move at first,” Pratik Wagre, head of programs and partnerships at the Toronto-based non-profit policy lab Global Technology Institute, told TechCrunch. “You’re basically looking at the possibility that each individual device could be ‘data-driven’ in some way. And then what uses its own database could be put in place at a later date, we don’t know.”

The Indian government has not yet provided details on how the collected data will be stored, who will have access to it, or what safeguards will be in place as the system expands. Digital rights groups say the sheer size of India’s smartphone base — estimated at 700 million devices — means that even administrative changes could have significant consequences, potentially setting precedents that other governments could study or replicate.

“While the intent behind a unified platform may be protection, mandating a single government-controlled application risks stifling innovation especially from private players and startups that have historically driven secure and scalable digital solutions,” said Meghna Pal, director of the New Delhi-based Issia Technology Research Center.

“If the government intends to build such systems, they must be backed by independent audits, strong data governance safeguards, and transparent accountability measures. Otherwise, the model not only puts user privacy at risk, but also removes the ecosystem’s fair opportunity to contribute and innovate,” Pal said.

The planned API also raises concerns for re-commerce companies, which could face liability if sensitive customer information is mishandled.

The Indian Ministry of Telecommunications did not respond to TechCrunch’s request for comment.

Although the Sanchar Saathi app is visible on a user’s phone, the broader system to which it connects operates largely out of sight, Wagher noted. Permissions, data flows and back-end changes, including planned API integrations, may be buried in long-term documents and terms that most people never read, he said. As a result, users may have little practical understanding of what information is collected, how it is shared or the reach of the system.

“You cannot continue to restrict cybercrime and device theft in such a disproportionate and heavy-handed way,” Waghri said.

“The government is basically saying, look, you need to put my app on every device that’s sold, on every device out there, you need to install it, and on anything that’s being resold as well,” he said.