This week, the Indian government surprised smartphone companies and millions of users by announcing that every new smartphone sold in the country must come pre-installed with the Sanchar Saathi app — a government tool created to prevent telecom fraud and track stolen phones. However, following strong public criticism and industry pushback, the mandate has been rolled back for now.
A Mandatory App That Triggered Concerns
The biggest objection to Sanchar Saathi was that it was being forcibly installed on every new device. Reports claimed the app would be non-removable and non-uninstallable, deeply embedded at the system level. Meanwhile, the government had already begun sending SMS alerts encouraging users to install the app.
This created widespread fear and anger. Many citizens believed the government was attempting to secretly install spyware on smartphones. Privacy advocates urged smartphone manufacturers to oppose the mandate. It is reported that Apple refused to comply. The Internet Freedom Foundation (IFF) also announced that it would support a legal challenge against the order.
Why did an app intended to curb fraud suddenly become the center of a major privacy debate?
Sanchar Saathi: Security Measure or Step Toward State Surveillance?
Although Sanchar Saathi is meant to protect users from fraud and theft, the way it was implemented raised serious privacy concerns. Experts warn that if the app is integrated at the system level, it could effectively turn every smartphone into a surveillance device — with potential access to call logs, SMS data, and even photos, without the user’s explicit consent.
The government insists the app is not designed for spying, but its vague privacy policy and the absence of a clear opt-out option have made users skeptical.
According to the IFF, the mandate fails to meet the proportionality standard laid down by the Supreme Court in the K.S. Puttaswamy (2017) privacy judgment. Imposing a permanent system app for a task that is only occasionally required, they argue, is excessive state interference.
Experts also point out that real cybercriminals often use rooted or jailbroken phones, where any system app can be removed easily. As a result, the mandate would burden ordinary citizens more than actual criminals.
The centralised storage of user data creates another significant concern — the “honeypot” risk. A single breach of such a database could expose the locations, identities, and sensitive personal details of millions of citizens.
Multiple crucial questions remain unanswered:
- How long will the data be stored?
- Will it be shared with police or intelligence agencies?
- What safeguards exist to prevent misuse?
SIM Binding Raises More Alarms
The Sanchar Saathi debate is closely linked to the government’s newly proposed SIM Binding policy. Under this proposal, apps like WhatsApp, Telegram, and Signal would be required to link user accounts to an active SIM card and a device ID.
Although the policy appears to target fraud and anonymous abuse, it brings three significant risks:
- Barriers to Number Portability
If services like WhatsApp or UPI are tied to a specific SIM, switching telecom operators could temporarily cut users off from essential services.
- End of Multi-Device Convenience
People who use the same app across multiple devices may be locked into a single “authorised” device.
- Increased Traceability
When SIM, device ID, and app account are linked — along with KYC and Aadhaar — tracing any user’s online behaviour to their physical identity becomes far easier.
Several experts believe that SIM Binding and Sanchar Saathi, together, could form the basis of a broader surveillance infrastructure. The government has denied this, but clear explanations are still lacking.
AI Could Make Surveillance Even More Powerful
In the age of AI, a system like Sanchar Saathi can collect massive amounts of data that may later be used with machine-learning models to deeply profile citizens’ private lives. Although the mandate has been withdrawn for now, the underlying concerns remain unchanged.
India’s landmark right-to-privacy judgment stands in stark contrast to increasing government efforts to access citizens’ personal data. Meanwhile, several provisions of the Digital Personal Data Protection Act give extensive powers to the executive, raising further concerns.
What Lies Ahead? The Battle Between Security and Privacy
As India strengthens its digital governance systems, the tension between national security and individual privacy will only intensify. Cybersecurity is undeniably a major challenge, and AI will make it even more complex — but these concerns cannot justify compromising basic expectations of privacy, consent, and data protection.
A truly secure Digital India is only possible when citizens’ fundamental rights remain protected.