The Indian government's recent move to mandate the preloading of the Sanchar Saathi application on all new smartphones has ignited a significant debate around digital privacy and user autonomy. The directive, issued under the Telecommunication Cybersecurity Amendment Rules 2025, requires manufacturers to install the app, with existing devices slated to receive it via an update within 90 days.
What is the Sanchar Saathi App and Why the Controversy?
Launched in January 2025, the Sanchar Saathi app, available on Android and iOS, is designed as a citizen-centric portal for telecom services. Its features include tracking stolen phones, reporting fraudulent calls and messages, and verifying mobile connections registered under a user's name.
However, the mandate to pre-install it as a system application is the core of the dispute. Privacy advocates, notably the Internet Freedom Foundation (IFF), argue this action effectively converts every smartphone in India into a vessel for state-mandated software. The concern is that to function as intended and remain non-removable, the app would require system-level or root-level access. This privileged position could potentially allow it to bypass normal security protocols that isolate app data, creating a permanent point of access within the device's operating system.
Permissions and the Android vs iOS Divide
The app's permission list on Android devices is extensive and includes access to:
- Read and send SMS
- Access call logs
- View phone state and identity (phone number, serial number)
- Monitor active calls and connected numbers
- Use the camera to scan IMEI barcodes
While many third-party apps request similar permissions, users can deny or revoke them and uninstall the apps entirely. As a preloaded system app, Sanchar Saathi may not require explicit user consent for these functions. Its FAQ notes it can automatically register phone numbers on Android and send a registration message to the DoT.
The scenario differs for iPhone users. Due to Apple's stricter ecosystem, the app cannot automatically send registration messages—requiring manual user input—and lacks permissions to manage calls or read SMS. It can, however, access photos, files, and the camera. Notably, Apple has stated it does not plan to comply with the preload mandate, setting up a potential clash with authorities.
Industry Pushback and Lingering Questions
The directive has met resistance beyond privacy circles. Smartphone manufacturers have raised practical concerns, stating that compliance would necessitate significant operating system changes. Following public backlash, Union Communications Minister Jyotiraditya Scindia clarified that consumers would have the option to delete the preloaded app, though details on how this would work for a system-level application remain unclear.
Despite government assurances that the app does not collect personally identifiable information, experts point to gaps in its privacy policy. There is no explicit option for data correction, deletion, or opt-out, and no clarity on how long user data is retained. These omissions, coupled with the app's elevated access, continue to fuel apprehension about the balance between cybersecurity and fundamental privacy rights in India's digital landscape.
