What Is Sanchar Saathi and Why Did the Government Ask Smartphone Companies To Pre-Install It?

What Is Sanchar Saathi and Why Did the Government Ask Smartphone Companies To Pre-Install It?

The Government of India, through the Department of Telecommunications (DoT), directed smartphone manufacturers and importers to preinstall a government-developed cybersecurity application called Sanchar Saathi on all new smartphones sold in the country.
It also instructed companies to roll out a software update to install the app on phones already sold.
Initially, the DoT said users cannot delete, disable, or restrict this application. However, following criticism, Telecom Minister Jyotiraditya Scindia clarified (Dec 2):
“If you want to delete the app, you can. It is not mandatory… If you don’t want to use the app, don’t register for it. It will stay dormant.”
Despite this clarification, the original directive stated mandatory installation under the Telecommunication Cybersecurity Amendment Rules, 2025, raising concerns about user autonomy, privacy, and surveillance.

What Exactly Is the Sanchar Saathi App?

Sanchar Saathi is an initiative of the Department of Telecommunications (DoT) aimed at:

• Empowering mobile subscribers
• Reducing digital fraud
• Ensuring telecom security
• Helping recover or block stolen devices
• Raising cybersecurity awareness
  It is available as both a mobile application and a website portal.

What Services and Features Does Sanchar Saathi Provide?

Sanchar Saathi offers multiple user-centric and security-oriented tools:

1. Blocking and Tracking Stolen Phones

• Users can block their lost or stolen phones using the app.
• It uses the phone’s IMEI number (unique 15-digit code) for identification.
• If a blocked device is switched on, the system generates traceability.
• Users can later unblock the device through the app or portal when recovered.

1. Checking Mobile Connections Registered in Your Name
   You can see all SIM cards linked to your identity—helpful for detecting misuse or fraudulent SIMs.
2. Reporting Fraudulent Calls, SMS, WhatsApp Messages (via Chakshu)
   Chakshu lets users report:

• Calls impersonating DoT, TRAI, police, or government officials
• Investment and trading scams
• KYC verification scams
• Banking, electricity, gas, or insurance fraud
• Phishing links, malicious APKs, device cloning attempts
• Fraudulent communication through SMS, RCS, iMessage, WhatsApp, Telegram
  Important:
  Chakshu cannot be used to officially report cybercrimes (those must be reported to cybercrime.gov.in).

1. Reporting Spam / Unsolicited Commercial Communication
   Users can report spam calls or SMS under TRAI’s TCCCPR 2018 regulations.
2. Verifying Phone IMEI Authenticity
   Using the camera, the app can scan IMEI barcodes to check if a phone is:

• Genuine
• Cloned
• Blacklisted
• Tampered

Why Did the Government Issue a Mandatory Installation Order?

The directive was issued to:

• Reduce IMEI tampering and sale of cloned phones
• Prevent mobile theft
• Allow easier reporting of fraud
• Improve telecom network security
  However, the push to make it mandatory raised significant concerns because it:
• Embedded a state-owned app at the system level
• Restricted user ability to delete or disable it
• Required root-like privileges, similar to OEM system apps
  This level of embedding is unusual in democracies and resembles more state-controlled digital ecosystems.

Why Did Digital Rights Groups Raise Privacy and Surveillance Concerns?

The Internet Freedom Foundation (IFF) stated:
The mandate “converts every smartphone sold in India into a vessel for state-mandated software that the user cannot meaningfully refuse.”
Key concerns:

1. System-Level Access
   To remain undeletable, the app would need root/system permissions, allowing:

• Deep access to device data
• Ability to run without user control
• Elevated privileges beyond normal apps

1. State Exemption in India’s Data Protection Act
   Indian government agencies have blanket exemptions, meaning:

• They can collect user data without notification
• They are not bound by strict data minimisation norms
• Oversight is limited

1. First Instance of Mandatory State App Installation
   India has never before demanded a government app to be pre-installed by law.
2. Comparisons to Russia
   In 2025, Russia forced installation of its state messaging app MAX, widely criticised for enabling:

• User tracking
• Mass data collection
• Government surveillance
  India’s move appears similar in structure, though official intent differs.

What Permissions Does Sanchar Saathi Request on Android and iOS?

On Android Devices (extensive permissions):

1. Make and manage phone calls
   o To detect the active phone number
2. Send SMS
   o Auto-registration messages to DoT
3. Access call/SMS logs
   o For fraud reporting features
4. Photos and files
   o To upload screenshots of fraud messages
   o To submit documents for stolen phone reports
5. Camera access
   o For scanning IMEI barcodes
   On iOS Devices (limited permissions):
   Reaches photos, files, and camera — cannot auto-send SMS or read call logs due to Apple’s restrictions.

Does Sanchar Saathi Automatically Register Users Without Consent?

According to FAQs:

• On Android, the app automatically detects the phone number and sends an SMS to DoT to register the device — without explicit user action.
• On iOS, users must manually press “Send” for registration.

What Does Independent Analysis Reveal About Data Access?

The MobSF (Mobile Security Framework) analysis of the Android APK found that the app can:

• Take pictures and videos
• Read call logs
• Read external storage
• Access phone identifiers
• Determine whether calls are active
• Identify numbers involved in calls
  These are categorised as “dangerous permissions” because they expose sensitive data.

What Does Sanchar Saathi’s Privacy Policy Say—and Not Say?

1.What the policy claims:

• It does not collect personal information without notice
• It protects user data with adequate measures
• It does not share personal information with third parties except law enforcement
  2.What the policy fails to mention:
• Users’ right to access, correct, or delete their data
• Duration of data storage
• Clear opt-out mechanisms
• Transparency about how automatically collected data is used
• Accuracy in app store declarations (which incorrectly state “no data collected”)
  This mismatch raises questions about transparency and accountability.

Why Are Experts Comparing Sanchar Saathi to Global Tracking Systems like Apple’s Find My?

Voluntary systems elsewhere:

• Apple’s Find My
• Google/Android Find Hub
  These systems are:
• Opt-in
• Encrypted
• Designed to protect anonymity
• Not controlled by the government
  Even these sophisticated systems have been found vulnerable to:
• De-anonymisation risks
• Correlation attacks
• Metadata tracking
  Sanchar Saathi differs because:
• It is mandatory (as per original directive)
• Operates at system level
• Controlled by the state, not device manufacturers
• Integrated with centralised IMEI databases
  This increases potential for:
• User tracking
• Behaviour monitoring
• Device movement mapping

How Does India’s Approach Compare Globally?

Democracies like the U.S. and EU:

• Do not require government apps to be pre-installed
• Emphasise consent-based participation
  Countries with strong digital-state control (e.g., Russia, China):
• Frequently mandate installation of state apps
• Integrate government systems directly into personal devices
  India’s move appears closer to the latter category.

What Does This Mean for the Future of Digital Rights in India?

The directive (even with later clarifications) raises critical questions:

• Should a state embed itself inside every citizen’s personal device?
• How should user consent be protected?
• What surveillance safeguards must exist?
• What transparency should be required for government-run software?
  The core issue is proportionality—whether fraud prevention justifies deep, mandatory device-level state integration.

What Should Users Understand?

Sanchar Saathi, in principle, is a useful anti-fraud and anti-theft tool with real public safety benefits.
However, concerns revolve around:

• Mandatory installation
• Deep system access
• Automatic registration
• Ambiguous privacy safeguards
• Government exemption from data protection rules
• Potential surveillance implications
  The debate reflects broader tensions between:
• Security vs. privacy
• State power vs. user autonomy
• Public safety vs. digital freedom
  How India resolves these concerns will shape the future of digital rights, telecom governance, and personal privacy for over a billion smartphone users.