India Moves to Log Smartphone IDs as App Mandate Is Rolled Back

India moves to verify and log smartphone identities nationwide, tightening how devices are tracked and authenticated even as it retreats from a plan to force a government app onto every handset. The twin moves underscore New Delhi’s push to curb phone theft and fraud—while navigating public unease over privacy and surveillance.

What’s Changing

Under the Telecommunications Act, 2023 and the Telecommunications (Telecom Cyber Security) Rules, 2024, device makers and importers must register each device’s unique IMEI number with the government before it enters the market or country. IMEI registration is mandatory before sale or import. The Department of Telecommunications says this regime is designed to weed out cloned and tampered devices and to help law enforcement track stolen phones via the Central Equipment Identity Register (CEIR).

The rules also extend into the secondhand market: Used-phone sellers must check the national IMEI database before completing a transaction, with verification fees applied per device. Officials argue that building these routine checks into the supply chain will make it harder for fraudulent or blacklisted phones to circulate, while giving consumers a simple way to verify a device’s authenticity.

Privacy Pushback

Even as those requirements advance, the government has reversed a separate order that would have required manufacturers to preload its Sanchar Saathi security app on all new phones and push it to older models. After criticism from privacy advocates, opposition leaders and some manufacturers, Government revoked the app mandate on December 3, 2025. Officials said the app—used to block or locate lost phones and report suspicious connections—will remain voluntary. Reuters and the Associated Press reported that the original directive envisaged a non-removable installation within roughly 90 days, prompting the outcry.

The backtrack highlights a delicate balance: authorities want tools that make fraud harder and recovery easier, but a blanket app requirement raised fears of state overreach and device-level surveillance. By leaning on IMEI-based verification and CEIR—measures already embedded in telecom infrastructure—the government is signaling it can tighten protections without imposing a one-size-fits-all app on every user.

What’s Next

For manufacturers and importers, compliance means maintaining clean IMEI pipelines tied to GSMA type codes and obtaining government certificates before customs clearance. For resellers, it means routine database checks before buying or selling used devices. Consumers, meanwhile, can verify a phone’s status through government tools and portals prior to purchase. The coming months will test how smoothly these requirements scale—and whether clearer guardrails on data handling and access reassure a public alert to the privacy stakes.

Sources

• India revokes order to preload cybersecurity app on smartphones after outcry — Reuters (December 3, 2025)
• India rolls back order to preinstall cybersecurity app on smartphones — Associated Press (December 3, 2025)
• Department of Telecommunications Cautions Manufacturers, Importers and Resellers about Mandatory IMEI Registration and Consequences of IMEI Tampering — Press Information Bureau, Government of India (November 17, 2025)