The Indian government quietly dropped a technical bomb on phone makers late last month: a private directive, dated November 28, telling Apple, Samsung, Vivo, Oppo, Xiaomi and others to preinstall a state-owned app called Sanchar Saathi on all new handsets and push it out to existing phones within 90 days. The order, issued by the Department of Telecommunications, goes further than a friendly suggestion — it asks that the app be visible at first use and that its functionality not be disabled or restricted.

Sanchar Saathi isn’t a spooky surveillance tool in name; the portal and app were launched as a telecom-safety utility. It ties into India’s central equipment identity register (CEIR) to help users block or trace lost or stolen phones by IMEI, check IMEI authenticity, and report suspected telecom fraud or scam messages. The government says it’s aimed at stopping spoofed IMEIs and curbing fraud in the second-hand handset market — practical-sounding goals that explain, in part, why the department wants the app everywhere.

But the implementation matters. On Android, governments can sometimes arrange for system-level preloads or carrier-installed apps that are hard to remove; on iPhones, Apple controls what shows up on the device at first boot. For that reason the diktat is already colliding with commercial reality: Apple — which generally resists forced preloads that it believes undermine device security or user privacy — has reportedly told officials it will push back and is evaluating its options. Other manufacturers are said to be reviewing the instruction. That private-to-public tug-of-war is now playing out in boardrooms as well as in parliament.

The reaction has been immediate and mixed. Privacy advocates, some opposition politicians and a clutch of editorial writers have warned that forcing a government app onto every phone — and making it undeletable — risks normalizing mass surveillance or at least excessive government control of a user’s device. The government, for its part, has framed the move as a cybersecurity measure and pointed to the app’s existing public roll-out and functions. Communications Minister Jyotiraditya Scindia has since said the app is optional and can be deleted — a line that sits awkwardly next to the original private directive’s language about non-disabling visibility.

This isn’t entirely new in global tech policy. Earlier this year Russia ordered phone manufacturers to preload a state-backed messenger called MAX — another case where national security and digital-sovereignty arguments ran headlong into privacy concerns and real resistance from users and tech firms. Those precedents make clear this will be more than a technical exercise: it’s a test of how much control states expect over consumer devices and how far multinational firms will accept local deviations in global device policy.

India’s smartphone market dynamics add another layer to the story. iOS users remain a minority in sheer numbers, but Apple has been expanding rapidly here: its India sales hit a record figure of roughly $9 billion in the last fiscal year as it opened stores and scaled local manufacturing. Google, Samsung and Chinese brands have also boosted local production and direct sales, making India a strategically important market for handset makers. That rising economic weight will shape how companies balance compliance, customer trust and long-term market strategy.

From a technical perspective, there are practical headaches. Pushing the app to devices already in circulation means coordinating with multiple OEM software stacks and carriers; making it non-disableable on Android normally requires it to be installed as a system or carrier app — something manufacturers and distributors have to agree to. On iOS, by contrast, Apple dictates the rules of the ecosystem and has in the past rejected or carefully limited system-level access for third-party software. If Apple refuses, the government would need to decide whether to accept a partial rollout, negotiate a different approach, or escalate — and that choice carries political costs on both sides.

There’s also the optics problem. The same feature set that helps track a stolen phone can, in theory, be repurposed for broader monitoring if additional data access or integrations are demanded later. That potential is why activists focus less on the app’s existence and more on control, transparency and legal checks: who has access to CEIR logs, what oversight exists for requests to unblock or trace devices, and how citizens can contest mistakes or abuses. So far, official messaging stresses public safety; critics say safeguards and independent audits should accompany any compulsory rollout.

Officials are already feeling the heat. After the story leaked into public view, lawmakers and commentators pressed the administration for clarity; Reuters reported that the government may reconsider provisions of the directive after receiving feedback. Expect a negotiation phase — not only with manufacturers but with civil-society groups and possibly the courts — before we know what “mandatory” will actually look like in everyday handsets.

For ordinary users the immediate practicalities matter: will the app appear on the homescreen, can you delete it, and what permissions will it request? For the industry the stakes are strategic: compliance could set a precedent for other software mandates in a market that’s rapidly becoming central to the mobile business. For policy watchers the case is a neat, uncomfortable capsule of a larger global argument about digital sovereignty, user consent and the point where public-interest tech becomes state control. Watch for policy clarifications, OEM statements, and — critically — court challenges or regulatory tweaks in the coming weeks.