The Department of Telecommunications (DoT) has directed that every new smartphone sold in India must come with the government controlled Sanchar Saathi app preinstalled, visible on first boot, and manufacturers need to ensure that features shall not be disabled or restricted.
The directive mandates completing the implementation in 90 days and submit a report in 120 days. For existing devices, it mandates the app to be pushed via software updates.
The government describes the application as a tool for verifying IMEI numbers of mobile devices to detect spoofing, block stolen devices, report fraudulent messages or calls, and check all the numbers registered under a name, among other functions.
It also claims that the app enabled the recovery of over 50,000 lost and stolen mobile handsets across India in October 2025, and that overall recoveries crossed 7 lakh devices.
Following uproar from the tech community and fellow political leaders, communications minister Jyotiraditya Scindia has said in a media interview that the app can be uninstalled, but the same is not explicitly mentioned by the government in the directive.
Even as several government representatives have clarified that the app will not misuse data — its pre-installation on devices continues to raise data privacy concerns.
Why The Concerns?
A report from Reuters stated that iPhone maker Apple does not intend to comply with the directive.
Sources familiar with the matter told the media outlet that the company is going to tell the government that it does not follow such mandates anywhere in the world “as they raise a host of privacy and security issues for the company’s iOS ecosystem.”
Pranesh Prakash, an independent tech, legal and policy consultant, told AIM that mandating the app doesn’t fix the problems highlighted in the press release. “People can report IMEI numbers even otherwise.”
Prakash highlighted how GSMA, the global industry body that maintains international IMEI standards and device-identity registries, and similar industry systems already support IMEI blocking. He said that failures originate in operator enforcement and registry maintenance, not in the absence of a reporting interface.
Joel Latto, threat advisor at F-Secure, a cybersecurity company, told AIM that whenever a government forces digital oversight, especially to such an intrusive level, it is a cause for concern.
The app asks for permissions to handle calls, send SMS, read call logs, access photos and files, and use the camera for IMEI scans.
Technically inclined users can dig into settings, disable permissions — pre-installed apps on Android and iOS allow doing so.
But, others are likely to leave the app untouched with every permission active, simply because they don’t know how to manage these controls.
Instances of awareness drives have occurred, such as travellers being nudged at airports into installing and using DigiYatra while sharing their personal details, biometrics, and other data. Once people opt in, they may rarely return to trim permissions.
Similarly, several people, including AIM staff, received an SMS encouraging them to install and use the Sanchar Saathi app. Users who download it without fully understanding its implications may place themselves at risk if the app or any sensitive data it handles is not managed with strict safeguards.
This is where the concern usually surfaces. An app that remains on a device with broad, continuous access creates more surface area for something to go wrong, whether through weak engineering, accidental exposure, or exploitation by those looking to take advantage.
“Even if the app would do nothing but what’s advertised at the moment…it opens up the possibility for future abuse by the powers that be,” said Latto.
“Rest assured if that happens, it will be also done all in the name of citizen safety. It’s a slippery slope that leads to the China-model.”
While Latto hasn’t used the application, he stated even if permissions are disabled, “I’d imagine that at least anything related to IMEI, or other device identifiers will always be broadcasted, as those are not part of typical app permissions.”
‘This Needs to Be Shelved’
Nikhil Pahwa, a digital rights activist and founder of MediaNama, in an interaction with AIM said that besides risks like opening the doors to your personal information for state entities, “A government app on your device can also be used to implant files.”
He pointed towards the 2018 Bhima Koregaon violence case, where independent forensic investigations alleged that activists’ computers had been compromised and incriminating documents were planted remotely.
He cited this to illustrate how a single privileged channel on a device can be misused, and said that mandating such an app “creates that channel” and raises the risk that similar compromises become easier in the future.
Besides, several experts in the industry are concerned about the government’s management of sensitive user data.
“Almost every [government] infra is infested with vulnerabilities routinely being exploited by malware and data thieves. You will often find [government] websites distributing malware,” said Shanthanu Goel, an engineer, on X. “But yes, [government] plans to save us from malware by installing their own malware.”
Over the years, there have been numerous reports of data breaches and leaks across various government-linked and public department sites. For example, the Aadhaar system in 2018, the SPARSH portal in 2023, and the Indian Council of Medical Research (ICMR) registry in 2023
In October 2025, a serious vulnerability was discovered and fixed in the Income Tax e‑filing portal. The flaw would have allowed a logged-in user to view sensitive data (names, addresses, bank details, Aadhaar numbers, and more.) of other taxpayers.
When AIM asked Pahwa what transparency measures users could realistically expect, he said there is nothing transparent about the directive. “This [the directive] needs to be shelved,” he said, arguing that the range of privacy and surveillance risks makes any attempt at mitigation insufficient.
The Legal Clarity
Having said that, Prakash also questioned the legal clarity. “It’s unclear to me whether the powers provided under the Telecom Act actually go so far as to enable the DoT to mandate that specific apps be installed on phones without the ability of people to remove them,” he said.
Besides, the Data Personal Data Protection Act widens the scope of concern. While Prakash explained that the DPDP Act “does not exempt the government sector” entirely — it allows specific exemptions through notifications.
The Act permits the government to exempt entire departments from core obligations such as consent, purpose limitation and notice. It also allows the State to process personal data without consent when performing functions under any law, or during situations framed as public safety or emergency.
While Apple, as per media reports, will not be complying with the mandate, the company has demonstrated an example of the limits it is willing to accept when governments attempt to compel architectural changes to personal devices.
Prakash pointed to the FBI–Apple dispute to illustrate how operating-system modifications raise constitutional questions.
Apple had argued that the FBI’s demand for a customised version of iOS during the San Bernardino shooting investigation to access the locked phone of the perpetrator, “was compelled speech — that was a violation of its freedom of speech rights”.
“Now a similar argument would obviously also work in [this] case,” said Prakash. “There are free speech rights associated with software, associated with companies like Google and Apple and so on.”
The Political Opposition
Political leaders have framed this mandate as a constitutional threat rather than a governance measure.
Congress leader K C Venugopal said on X, “Big Brother cannot watch us. This DoT Direction is beyond unconstitutional”. He described the directive as “a dystopian tool to monitor every Indian” and said it enables oversight of “every movement, interaction and decision of each citizen”.
Shiv Sena (UBT) MP Priyanka Chaturvedi said in a post on X, “Such shady ways to get into individual phones will be protested and opposed & if the IT Ministry thinks that instead of creating robust redressal systems it will create surveillance systems then it should be ready for a pushback!.”
Their concerns mirror those raised by experts.
Further clarity from the government is awaited over whether the app can be uninstalled. If the widespread backlash leads to any major changes in the directive remains to be seen.
“It’s [Sanchar Saathi] more about future-proofing one’s privacy and security hygiene. The point is that I see Sanchar Saathi as the first step,” said Latto.
“The road to hell is paved with good intentions.”
The post Sanchar Saathi Shouldn’t Turn into a Tool for State Surveillance appeared first on Analytics India Magazine.
