India plans to verify and record every smartphone in circulation

The Indian government is expanding its anti-theft and cybersecurity measures to include both new and used smartphones, an initiative designed to combat device theft and online fraud. However, this expansion has raised significant privacy concerns among citizens and advocacy groups. As part of this initiative, the Indian telecom ministry has mandated that companies involved in purchasing or trading used smartphones verify every device through a centralized database of IMEI numbers. This directive follows a recent order for smartphone manufacturers to preinstall the Sanchar Saathi app on all new devices and to push it to existing phones via software updates. This news was first reported by Reuters and later confirmed by the ministry. Launched earlier this year, the Sanchar Saathi portal allows users to block or trace lost or stolen phones. Official government data indicates that the system has successfully blocked over 4.2 million devices and traced an additional 2.6 million. The app gained further traction with the introduction of a dedicated version in January, leading to the recovery of more than 700,000 phones, including 50,000 in just October. The Sanchar Saathi app has seen remarkable adoption, with nearly 15 million downloads and over three million active users monthly as of November. Web traffic to the platform has also increased, with a year-over-year rise of 49% in unique visitors, according to Sensor Tower data. However, the government's directive to preinstall the app has faced backlash from privacy advocates, civil society organizations, and opposition parties. Critics argue that this move enhances government oversight of personal devices without sufficient safeguards to protect user privacy. In response, Telecom Minister Jyotiraditya M. Scindia stated that the Sanchar Saathi system is entirely voluntary, allowing users to delete the app if they choose not to use it. The directive specifies that manufacturers must ensure the app is easily accessible during the initial device setup and that its features cannot be disabled, raising questions about the true optionality of the app. While major manufacturers are reportedly involved in the initiative, Apple has not participated. In addition to promoting the Sanchar Saathi app, the telecom ministry is testing an API that would enable recommerce and trade-in platforms to upload customer identities and device information directly to the government. This would facilitate the creation of a comprehensive record of smartphones in circulation across India. As the demand for used smartphones surges amid rising prices for new models, India's used smartphone market is rapidly growing. Despite this, approximately 85% of transactions in the second-hand sector remain unregulated, occurring primarily through informal channels. The government asserts that the Sanchar Saathi app will facilitate the reporting of telecom resource misuse. However, privacy advocates warn that increased data flows could grant authorities excessive insight into device ownership, raising concerns about potential misuse of this information. Critics argue that database systems could lead to unforeseen consequences regarding user privacy and data governance. Experts emphasize the need for robust data protection measures and independent audits to ensure user privacy is safeguarded. They caution that while the intent behind this initiative may be protective, enforcing such regulations risks stifling innovation from private sectors and startups that have historically provided secure digital solutions. As the plan unfolds, the potential implications for recommerce firms are also a concern, especially regarding the handling of sensitive customer data. With the scale of India's smartphone user base, any administrative changes could create significant precedents that may be observed by other governments. As this initiative progresses, the Indian government has yet to clarify how the collected data will be stored, who will access it, or what protections will be in place, leaving many questions unanswered regarding the future of user privacy in the country.