含羞草社区

A recent standoff between the Indian government and the tech industry was sparked by the Department of Telecommunications’ directions mandating pre-installation of the state-run Sanchar Saathi app on mobile phones. The move was intended to strengthen telecom cybersecurity, allowing citizens to verify the authenticity of International Mobile Equipment Identity (IMEI) numbers and report their suspicious misuse.

As per the directions, manufacturers and importers of mobile handsets were required to ensure pre-installation of the app and its accessibility from the first use of the mobile phone. Further, its functionalities could also not be disabled or restricted. The directions sparked a debate over the technical feasibility of the requirement and its mandatory nature. Industry stakeholders raised privacy and operational concerns, noting that such a mandate would set a precedent for future interventions, eroding user choice and complicating manufacturing processes.

India rolls back app install mandate

Concerns were also raised regarding the app’s permissions. As per the app’s privacy policy, permissions would have to be granted for managing phone calls, sending messages, accessing call and message logs, photos and files, and the phone’s camera. Ultimately, the government rolled back the mandate, while citing the app’s popularity. Apart from the pre-installation mandate, the Indian government has previously attempted to mandate the installation of other apps. During covid-19, the government required all employees of public and private organisations to use the contact tracing app, Aarogya Setu. Later, the government encouraged them to install the app on a best effort basis.

While the government has been consistently advocating mandatory pre-installation/installation of state-operated apps, these requirements pose considerable challenges for mobile phone manufacturers, particularly those with global operations. The permanent nature of such apps, and lack of user control in terms of disabling or restricting their functionalities, also impacts user choice, autonomy and control over devices and information.

India app mandates disrupt manufacturers

Mandating the pre-installation of an app for one country requires technical redesign, additional compliance processes and separate production lines. Such mandates necessitate the creation of country-specific product variants, which disrupts the global supply chains of foreign mobile phone manufacturers. Their integration can interfere with device functionalities and may even impair interoperability, forcing mobile manufacturers to ensure that state-run apps are compatible with their software. This potentially leads to raised production and compliance expenses and affects the timing of product launches and market delivery. It also acts as a de facto market access restriction, capable of foreclosing entry for competing foreign service providers.

Such mandates disregard consumer choice regarding the apps they wish to install. Permissions required by such apps raise privacy concerns for consumers and for foreign brands that value market security and privacy. Mandatory pre- installation requirements introduced through administrative directions, rather than clear regulations, lack of consultation and forced enforcement, undermine trade compliance, increasing regulatory risk for foreign suppliers. Compliance teams are forced to navigate between maintaining market access in economies like India and complying with global policies that prohibit/restrict government interference in device integrity.

India cyber app mandates need proportionality

While these mandates are usually based on public interest, they must be balanced against necessity and proportionality. This is particularly important when less restrictive alternatives, such as voluntary downloads, are available, which satisfy government security objectives and achieve the same objectives without violating technical and ethical standards of the global ecosystem or negatively impacting trade.

含羞草社区 regulatory approach has long emphasised the ease of doing business and alignment with international standards. However, mandates of this nature go against such policy objectives and risk creating regulatory friction and uncertainty. The pre-installation mandate, followed by its rapid withdrawal, serves as a reminder that regulatory initiatives in the digital ecosystem must be carefully calibrated. The way forward lies in proportionate and consultative regulation.

If the government deems that certain cyber safety apps are essential for consumer safety and cybersecurity, they should be made freely available for download by users and encouraged through awareness campaigns promoting their use. This ensures user choice while achieving meeting regulatory goals. A balance between state interests and operational realities should be maintained.

Rishikaa is a senior associate, and Anindita Deb is an associate at ADP Law Offices