India’s New ‘Sanchar Saathi’ Surveillance Play: The Slow Death of Indian Privacy?
Key takeaways:
- The Indian government has ordered smartphone manufacturers to pre-load the Sanchar Saathi app on newly manufactured or imported devices.
- The app requires extensive permissions like viewing call logs, reading and sending SMS, camera access, and altering device storage, all of which are pretty intrusive in nature.
- The government later clarified that users can delete the app if they do not want to use it, which seems to be in contradiction with the written directive.
- This has raised privacy concerns and a threat to freedom of speech as the app can act as a state surveillance tool for millions of Indians.
The Indian Department of Telecommunications (DoT) has issued a private directive to mobile phone manufacturers to preload the Sanchar Saathi app on all mobile handsets manufactured or imported for use in India. The directive requires the app to be readily visible and accessible to the end user at the time of first use or device setup.
What's really concerning is the government requesting these manufacturers that the app must not be disabled or restricted, meaning you cannot uninstall it. For devices that have already been sold and are in use, manufacturers are required to push the app through software updates.
The Sanchar Saathi app isn't a new development in itself. It has existed on both the Apple App Store and the Android Play Store for quite some time now, with 15 million downloads so far.
Marketed as a citizen-centric safety tool, the app allows users to track lost or stolen mobile phones through its International Mobile Equipment Identity (IMEI) number. Users can use it to check how many mobile connections are registered in their name, which in turn helps locate and prevent the fraudulent use of mobile numbers.
How is Sanchar Saathi IntrusiveTo understand why the Sanchar Saathi app is a privacy nightmare, let's break down its functions. First, it can remotely block your stolen or lost handset through its IMEI number. IMEI is a unique code tied to every smartphone in India. Your IMEI number is permanent as long as you're using the same smartphone. This data is then stored in the government's CEIR database (Central Equipment Identity Register), tying a particular device to your identity.
Another app function allows you to check how many phone numbers are registered in your name. To buy a SIM card in India, you have to complete KYC, for which you require identity documentation - Aadhaar being the most common.
This KYC data is stored by the telecom operator and shared with the DoT during various compliance processes, namely in the TAFCOP (Telecom Analytics for Fraud Management and Consumer Protection) database, which can be accessed by the Sanchar Saathi app.
Putting all the pieces together, the Sanchar Saathi app already has your Aadhaar information (your real-life identity), your SIM card details, and your IMEI number, creating a singular chain of identity that can be monitored by the government at any time. It's essentially a state-owned app sitting inside your phone 24/7, which is why this mandatory directive isn't sitting well with privacy advocates.
A careful look at the app's required permissions raises even more questions on the government's intent. It can access your camera, call logs, read phone status, send and view SMS messages, read your text messages, and even modify and delete content of your storage.
It can even view network connections and gets full network access.Congress, the opposition party in India, has come down hard on the government. There's a very fine line between reporting fraud and seeing what every citizen of India is doing on their phone. That's not how it should work." - Congress's X handle.
Clarification and the LoopholesAfter significant uproar, Jyotiraditya Scindia, the Indian Telecom minister, issued a clarification on the matter, saying that the app won't be mandatory for the citizens. If anyone wishes not to use it, they can delete it or never even register.
The spokesperson said that the primary aim of the government directive was to make people aware of the existence of such an app, where they can track their stolen or lost devices. The DoT also posted on X to clarify that the app isn't watching you' and that it won't act as a surveillance tool and not track your data.
However, this clarification doesn't sit in line with clause 7(b) of the written directive, which reads ....that its [the app's] functionalities are not disabled or restricted."
Does this mean the Sanchar Saathi app will have all the required permissions on startup without you having to lift a finger? If so, then as soon as you buy a new device and insert your SIM card, the government can tie your identity to it. And if that's the case, you'll have to manually disable the permission from your settings.
Widespread implementation of Sanchar Saathi means citizens don't get the to choose. And even if they disable or delete the pre-installed app (after inserting the SIM card), does this erase their IMEI information from the app's database?
There are a lot of unanswered questions and enough evidence to raise more than a few eyebrows regarding the intent of such a draconian and anti-democratic move, which invades people's right to privacy and choice.
Apple to Fight for User PrivacyApple is expected not to comply with the Indian government's directive, and will likely try to find a middle ground. The company has a strong history of resisting such government orders in the past.
- In the popular Apple vs. FBI case in 2016, Apple refused to unlock the mobile phone used by a terrorist since it would have required it to build a backdoor that could compromise the security of every iPhone in the world.
- When Russia asked Apple to ban Telegram in 2018, Apple only disallowed updates for a couple of weeks before making a u-turn on its policy.
Likewise, pre-installing Sanchar Saathi on iPhones will require Apple to fiddle (technical term) with its iOS firmware, which it doesn't often do. It would also mean altering privileged system-level capabilities, baking the app into the iOS firmware, and bypassing App Store security checks, which is indeed a lot of legwork for a privacy-focused giant like Apple.
It would also require Apple to alter its core iOS globally, just to appease the draconian directive of one government, something the company is highly unlikely to entertain. Apple is expected to communicate its concern to the Indian authorities and help find a middle ground, which may involve making new iPhone users aware of the existence of the Sanchar Saathi App.
The Death of Indian PrivacyThis isn't the first time the largest democracy in the world tries to redefine personal privacy.
The Telecommunications Bill 2023, passed on 21 December 2023, contains several provisions that threaten Indian citizens' right to privacy and freedom of speech.This legislation allows the government to intercept, monitor, and block messages between two or more persons if it is deemed necessary in the interest of public safety or during a public emergency. Specific grounds might include national security, prevention of offences, or maintaining public order.
The vague and broad terminology used in the Act raises serious concerns. For example, the Act defines telecommunication" to cover the transmission, emission, or reception of messages by wire, radio, optical, or other electromagnetic systems - essentially every form of written or voice communication that exists today.
This means the 2023 Act provides the government with sweeping powers to intercept and block private communications on grounds that are far from specific. Terms like public safety and state security' can be interpreted in countless ways, and individual incidents can be molded to fit these descriptions without sufficient justification.
This could be used to censor communication and content that doesn't sit well with the government, especially speech that is critical of the current regime, since anything against the government' can be perceived as a threat to the security of the state.' And it's not as though the Indian government hasn't done this before.
On July 3, 2025, X claimed that the Indian government had ordered it to block 2,355 accounts including Reuters'. While the exact reason for the blocking wasn't made public, the order was likely issued under Section 69A of the Information Technology Act, 2000, which allows the government to block content for national security, sovereignty or public order.
X said that this was part of the ongoing press censorship in India. The country now ranks 151/180 in the freedom of press index, falling from its previous ranking of 142 in 2022. In 2013, it stood at 140.
Section 19 of the Telecommunications Act allows the government to set standards relating to data processing, encryption, network security, and technical and operational parameters for telecom networks and services. This means the government can simply issue a new technical standard instead of passing a dedicated surveillance law in Parliament, and all of this can happen without judicial oversight at a moment's notice.
The same section also mandates storing decrypted copies of messages and requires traceability, creating de facto censorship and surveillance on these applications. This is exactly what appears to be happening with the Sanchar Saathi app directive, as it functions more as a legislative order forcing smartphone manufacturers to comply rather than going through a legislative route.
The Way AheadI'm reminded of this famous quote from Game of Thrones: the night is dark and full of terrors, which" seems to be coming true for privacy and freedom of speech in India. While the government's clarification have somewhat eased some nerves among privacy advocates, the need for such a directive still remains a mystery.
If tracking IMEI numbers and retrieving stolen phones were the true objective, the government could still achieve this without the Sanchar Saathi app in the first place. It can request actual cell tower and customer data from telecom operators, who are already required to log IMEI numbers and the SIM cards used with those IMEIs.
Or it can use the CEIR system, which already enables IMEI blacklisting and IMEI-SIM mapping. That objective alone does not warrant installing an app with extensive, intrusive permissions on over 700 million Indian smartphones, and so the only logical conclusion here is that
The post India's New Sanchar Saathi' Surveillance Play: The Slow Death of Indian Privacy? appeared first on Techreport.