Apple will refuse to preload state-run “snooping” app on iPhones, report says.
An Apple Store in Bengaluru on September 19, 2025. Credit: Getty Images | Idrees Mohammed
Apple reportedly won’t comply with a government order in India to preload iPhones with a state-run app that can track and block lost or stolen phones via a device’s International Mobile Equipment Identity (IMEI) code. While the government describes it as a tool to help consumers, privacy advocates say it could easily be repurposed for surveillance.
Reuters reported today, citing three anonymous sources, that “Apple does not plan to comply with a mandate to preload its smartphones with a state-owned cyber safety app and will convey its concerns to New Delhi.” Reuters noted that the government mandate has “sparked surveillance concerns and a political uproar.”
The government’s Sanchar Saathi (“Communication Partner”) app is billed as a consumer tool for reporting suspected fraud communications, verifying the genuineness of a phone, and blocking lost or stolen handsets. The app can already be installed by users as it is available on the Apple and Google Play app stores, but the government wants device makers such as Apple, Google, Samsung, and Xiaomi to load phones with the app before they are shipped.
Apple “will tell the government it does not follow such mandates anywhere in the world as they raise a host of privacy and security issues for the company’s iOS ecosystem, said two of the industry sources who are familiar with Apple’s concerns,” Reuters wrote. One source “said Apple does not plan to go to court or take a public stand, but it will tell the government it cannot follow the order because of security vulnerabilities.”
App functions may not be “disabled or restricted”
While Apple may not initiate litigation itself, India’s government could try to force Apple to comply. India’s Department of Telecommunications (DoT) said yesterday that the app must be “pre-installed on all mobile handsets manufactured or imported for use in India.”
“Apple has historically refused such requests from governments,” Counterpoint analyst Tarun Pathak was quoted as saying in a previous Reuters article. “It’s likely to seek a middle ground: instead of a mandatory pre-install, they might negotiate and ask for an option to nudge users towards installing the app.”
The India directive isn’t just a request. The DoT said it ordered companies to comply within 90 days and submit a compliance report in 120 days, and that phone makers must “ensure that the pre-installed Sanchar Saathi application is readily visible and accessible to the end users at the time of first use or device setup and that its functionalities are not disabled or restricted.”
For devices that are already manufactured or ready to be sold to consumers, manufacturers and importers “shall make an endeavour to push the App through software updates,” the DoT said. We contacted Apple, Google, Samsung, and Xiaomi today and will update this article if any of the firms provide comment.
“A snooping app”
“Prime Minister Narendra Modi’s political opponents and privacy advocates criticized the move, saying it is a way for the government to gain access to India’s 730 million smartphones,” Reuters wrote. Telecom minister Jyotiraditya Scindia defended the system, saying it is “voluntary and democratic” and that users can “easily delete it from their phone at any time.”
A government website says that Sanchar Saathi, which is available as an app and a web portal, “facilitates tracing of the lost/stolen mobile devices” and “facilitates blocking of lost/stolen mobile devices in network of all telecom operators so that lost/stolen devices cannot be used in India. If anyone tries to use the blocked mobile phone, its traceability is generated. Once mobile phone is found it may be unblocked on the App or portal for its normal use by the citizens.”
Consumers can also use the app or website to check the number of mobile connections in their name and report any that appear to be fraudulent.
Priyanka Gandhi of the Congress Party, a member of Parliament, said that Sanchar Saathi “is a snooping app… It’s a very fine line between ‘fraud is easy to report’ and ‘we can see everything that every citizen of India is doing on their phone.’” She called for an effective system to fight fraud, but said that cybersecurity shouldn’t be “an excuse to go into every citizen’s telephone.”
App may need “root level access”
Despite Scindia saying the app can be deleted by users, the government statement that phone makers must ensure its functionalities are not “disabled or restricted” raised concerns about the level of access it requires. While the app store version can be deleted, privacy advocates say the order’s text indicates the pre-installed version would require deeper integration into the device.
The Internet Freedom Foundation, an Indian digital rights advocacy group, said the government directive “converts every smartphone sold in India into a vessel for state mandated software that the user cannot meaningfully refuse, control, or remove. For this to work in practice, the app will almost certainly need system level or root level access, similar to carrier or OEM system apps, so that it cannot be disabled. That design choice erodes the protections that normally prevent one app from peering into the data of others, and turns Sanchar Saathi into a permanent, non-consensual point of access sitting inside the operating system of every Indian smartphone user.”
The group said that while the app is being “framed as a benign IMEI checker,” a server-side update could repurpose it to perform “client side scanning for ‘banned’ applications, flag VPN usage, correlate SIM activity, or trawl SMS logs in the name of fraud detection. Nothing in the order constrains these possibilities.”
Jon is a Senior IT Reporter for Ars Technica. He covers the telecom industry, Federal Communications Commission rulemakings, broadband consumer affairs, court cases, and government regulation of the tech industry.
