India’s government has retracted an order that all smartphone manufacturers must install a state-issued, undeletable cybersecurity app.
Two and a half years ago, India’s Department of Telecommunications (DoT) created a Web platform to help fight mobile phone theft, spam, and fraud. It named it Sanchar Saathi (or “Communication Companion” in English). A mobile app version was launched in January and, according to the government, it has already had a significant impact to that end.
To accelerate nationwide adoption, the DoT issued an order on Nov. 28 that all smartphone manufacturers must, within the following 90 days:
Ensure that Sanchar Saathi is pre-installed on all new mobile devices entering India
Install the app retroactively on all existing mobile devices in India
Ensure that the app is clearly visible and accessible, and that users cannot restrict or disable it
Needless to say, the order didn’t go over well with the public. Following a torrent of pushback in the halls of government, social media, and reportedly even from manufacturers themselves, on Dec. 3 the DoT issued a retraction. Spinning the reversal as its own idea, the department stated that “given Sanchar Saathi’s increasing acceptance” pre-installation ultimately would not be made mandatory.
What is Sanchar Saathi?
India is the world’s largest country by population size, and there are more registered phone numbers in the country than there are people. Its rate of mobile phone usage isn’t far short of 100%, but computer ownership is closer to 10%. So when an agency like the Indian National Crime Records Bureau (NCRB) reports that cybercrime rose more than 30% year over year in 2023, or the Indian Cyber Crime Coordination Centre (ICCCC) reports that Indian citizens lose an average of 600 million rupees (around $6.7 million) every day to cybercrime, what those numbers really reflect are an overwhelming volume of phone-enabled crimes. And that’s to say nothing of other categories of phone crime: spam, simple theft, etc.
If you were running a country so rife with and reliant on mobile devices, how would you address these crimes? Maybe by creating a massive database of mobile phones around the country, registered with their International Mobile Equipment Identity (IMEI) numbers, and giving citizens the ability to police their own devices. Using an easy mobile app, a citizen could report if their phone is lost or stolen; their newly purchased phone turns out to be a fake; a SIM they don’t recognize is registered in their name; they’re receiving spam calls or texts; or they’ve been targeted by fraud or cybercrime.
This, in essence, is Sanchar Saathi, and the Indian government claims that it has already made a massive dent in mobile crime. In a Dec. 2 press release, the government claimed that more than 14 million citizens have downloaded the app version since its release on Jan. 17, and that those users have:
Deactivated more than 4.2 million lost and stolen mobile devices, keeping them out of the hands of criminals
Traced more than 2.6 million of them
Successfully retrieved more than 700,000 of them
Disconnected more than 14 million mobile connections, by marking them as “Not My Number”
Blocked more than 600,000 IMEIs linked to fraud
Prevented financial losses worth an estimated 4.75 billion rupees (around $53 million)
Source: PIB Delhi
Even if these numbers haven’t been independently verified, “from a security standpoint, the problem the app addresses is very real,” says Krishna Vishnubhotla, vice president of product strategy at Zimperium. “Mobile devices sit at the center of our personal and work lives, and they’re now one of the most common entry points for fraud, scams, and enterprise breaches. In a country where SIM fraud and device theft are widespread, giving citizens a simple way to block a stolen phone or report fraudulent connections is genuinely valuable. That part of the app makes sense and solves a real need.”
State Surveillance, and Weak Legal Cover for Citizens
The issue with Sanchar Saathi may be less about the message than the messenger. Vishnubhotla notes that “India has had previous high-profile investigations, including independent forensic reports, showing that advanced spyware like Pegasus was found on the devices of some journalists and activists, and they raised long-term questions about digital surveillance in the country.” A nationwide mobile phone databank might be just as useful for surveillance as security, were the government to be so inclined.
In theory, Indian citizens should be protected from threats to their privacy, ever since a landmark 2017 Supreme Court case deemed that “the right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution.” Time and again, though, the government has exempted itself from having to follow the same privacy rules it enforces against companies and individuals.
Considering Sanchar Saathi’s real benefits to citizens, but the justifiable surveillance concerns many have about it, Vishnubhotla thinks that instead of any kind of mandate, the government would be better off focusing on transparency.
“People need to understand the value the app provides, what it does and does not do, and why the permissions it asks for are necessary for security,” he says. “If citizens see clear benefits and have clear boundaries, adoption will rise without forcing it. Strong communication, independent audits, and simple in-app explanations will go much further than a mandate.”
