The Indian government's recent directive to make the Sanchar Saathi cybersecurity application a mandatory pre-install on all mobile devices has ignited a fierce debate across the nation. Announced by the Department of Telecommunications (DoT) on 28 November, the order requires phone manufacturers to include the app on new smartphones within 90 days, extending to nearly 800 million existing devices via software updates. While the government pitches it as a crucial shield against digital fraud, critics and tech giants are raising alarms over potential surveillance overreach and infringement of user choice.
The Government's Stance and Subsequent Clarification
Launched in May 2023, the Sanchar Saathi platform, developed by the DoT, was originally a voluntary service. It allows users to report lost or stolen phones and duplicated SIM cards. Its scope was expanded in March 2024 with the 'Chakshu' portal for reporting fraudulent calls and SMS, enabling law enforcement and telecom operators to blacklist suspicious numbers and devices.
The government's justification for the mandate hinges on cybersecurity. The DoT notification stated that mobile handsets with duplicate or spoofed IMEI (International Mobile Equipment Identity) numbers pose a serious threat to national telecom security. Union Telecom Minister Jyotiraditya Scindia asserted that the app is "designed to protect citizens from digital frauds and theft" and that the Centre is responsible for creating awareness about it.
However, the initial notification, which demanded that phone brands ensure the app's functionalities "are not disabled or restricted," caused immediate backlash. Facing widespread criticism, the government appeared to soften its stance. On Tuesday, 3 December, Scindia clarified that the app is "completely optional" for users, who can delete it if they wish. A senior official added that the non-disabling mandate was directed only at manufacturers, not end-users.
Industry Pushback and Technical Efficacy
Major smartphone players, including Apple, Google, and Samsung, are reportedly evaluating ways to push back against the order. Their concerns revolve around compliance challenges, user privacy, and the fundamental right of consumers to choose what software resides on their devices.
Beyond compliance, experts question the app's technical capability to deliver on its promises. Sumeysh Srivastava, a partner at policy consultant The Quantum Hub (TQH), points out a critical flaw: the app cannot automatically scan IMEIs without user input. Even if it could, fraudsters could easily circumvent it by using older devices or rooting their phones to remove the app. This gap raises doubts about its effectiveness as a proactive cybersecurity tool, making the privacy trade-off seem even more significant.
The Core Privacy and Legal Concerns
Privacy advocates and legal experts have called the move "intrusive" and a potential violation of constitutional principles. Despite the DoT's claim on social media platform X that Sanchar Saathi "collects no personal data and tracks nothing," the app requests permissions to access call logs, SMS messages, and the camera—all gateways to highly sensitive personal information.
Senior Supreme Court counsel N.S. Nappinai criticized the government's "hasty action," stating it violates constitutional fundamentals. She argued that forcing an app onto a device and then offering an opt-out is not equivalent to seeking prior consent. "The question of first forcing me to download an app and to then ask me to delete it is obviously specious and untenable," she added.
An anonymous cybersecurity lawyer highlighted the contradiction with India's new data protection framework, noting that mandatory installation is "quite the opposite of what the new privacy law promised." They also countered the DoT's 'no data collection' claim, stating it would be technically impossible to crack down on fraudulent calls without collecting and analyzing some form of communication data.
The ongoing Sanchar Saathi controversy puts a spotlight on the delicate balance between state-led security initiatives and individual privacy rights. With the 90-day deadline looming and tech giants considering their response, the debate over whether this app is a necessary digital shield or an unwarranted overreach is far from settled.
