Sanchar Saathi Saga: Erosion of Privacy

The Sanchar Saathi App, which has been available on the Google Play Store and Apple App Store for nearly a year, was recently announced to be a mandatory inclusion on smartphones manufactured in and exported to India, by the Department of Telecommunications (DoT). For the existing phones, it would get installed as a compulsory software update with no process to uninstall it.

Launched on January 17, 2025, the Sanchar Saathi App and its companion website were developed by the Department of Telecommunications (DoT) as a citizen-centric telecom security platform.

It was designed to function as a one-stop portal, allowing users to verify the International Mobile Equipment Identity (IMEI) number of their devices, report fraud, trace lost or stolen phones, and cross-check trusted contact details registered with banks, among other utilities. The initiative was explicitly aimed at combating the rising tide of mobile-related cyber fraud in India—and the results have been notable: since its launch, the platform has already helped disconnect over four million fraudulent connections.

However, following a swift and fierce backlash from privacy advocates, tech industry leaders, and opposition politicians, the government rolled back the mandate just days later. They clarified that the app would be optional and like other apps could be uninstalled at will.

What is the issue?

Despite this retreat, the episode has ignited a firestorm of debate. The app’s expansive permissions—demanding access to call logs, SMS, device storage, camera, network connections, and even the ability to prevent the phone from entering sleep mode—lay bare vulnerabilities in end-user privacy. While the DoT insists the app enhances security without invasive tracking, the spectre of potential misuse lingers, especially in a nation where digital surveillance has long been a flashpoint. This is still a fluid situation; whispers in policy corridors suggest the app’s role could evolve, making vigilance imperative.

This episode should be a privacy red flag for every Indian smartphone user, for two intertwined reasons. First, the initial push for mandatory pre-installation -coupled with the implicit pressure to grant all its permissions - would have embedded a government-backed tool deep into personal devices, blurring the line between protection and intrusion. Second, it spotlights the broader peril of app permissions in an era of hyper-connected smart devices. From fitness trackers to social media feeds, our gadgets are gobbling up data like insatiable beasts, often with consents buried in fine print. In India, where over 800 million people rely on mobiles for everything from banking to activism, unchecked permissions aren’t just technical footnotes—they’re gateways to profiling and control. The Sanchar Saathi flap isn’t isolated; it’s a microcosm of how “helpful” tech can morph into a panopticon, eroding the autonomy we assume in our pockets.

Why is it a concern?

Broadly speaking, the Sanchar Saathi App raises two seismic concerns: the immediate forging of user activity and information profiles, and the downstream perils of leveraging those profiles for behavioural tracking or third-party data swaps. To be clear, this column sounds a cautionary note against plausible future abuses, not an exposé of current malfeasance—the DoT maintains the app is benign, capturing no personal data without explicit notice. Yet, the architecture invites scepticism.

Starting with the immediate threats. The app’s permission suite is a veritable data vacuum machine: it seeks read access to call and SMS histories, device storage (including photos and files), network states, and the camera, while overriding sleep mode to run persistently in the background. On Android, this could mean logging every incoming call or text; on iOS, it prompts for photo library and camera access “for select uses,” like IMEI verification via scans.

Stitch these threads together, and you’ve got a blueprint of user life: who you call during crises, the banks you text, the locations your network pings reveal. The app’s privacy policy, hosted on its site, asserts that “no personal information is captured” sans user prompt and that “no personally identifiable information” is shared with third parties except under legal compulsion. But here’s the rub: it offers scant mechanics for auditing compliance or redressing breaches. What constitutes “personally identifiable”?

The policy dodges a crisp definition, leaving room for wiggle. In today’s algorithmic age, siloed data points— a call log here, a location ping there—aren’t inert; they’re fodder for coalescence into shadow profiles that know you better than your spouse, sans your name. Critics, including the Internet Freedom Foundation (IFF), decry this as a “sharp and deeply concerning departure” from privacy norms, potentially enabling unsolicited surveillance under the guise of fraud-fighting.

Zoom out to long-term horizons, and the dystopia sharpens. These profiles aren’t hoarded in vaults; they’re primed for weaponization. Imagine tailored ads slithering into your feed—not benign book recommendations, but predatory loan pitches keyed to your SMS-bank chats, or politically charged content amplified to sway elections based on your call patterns. Third-party exchanges amplify this: data brokers could launder anonymized slivers into dossiers sold to insurers (hiking premiums for “risky” texters) or advertisers (micro-targeting the anxious parent). In a country reeling from scams costing billions annually, the app’s utility is undeniable—IMEI checks and fraud reports save real money. But when permissions eclipse purpose, trust fractures. As one analyst quipped, it’s like installing a home security camera that doubles as a peephole for the state. The rollback buys time, but without ironclad limits, the app risks becoming a Trojan horse for normalized tracking.

What can be done?

Happily, despair isn’t the denouement; agency is. Tackling these privacy pitfalls demands action on individual, collective, and systemic fronts, starting with awareness as the bedrock. Individually and collectively, the first salvo is enlightenment. In an info-saturated age, curating reliable feeds is key: follow outlets like The Hindu or The Indian Express for policy scoops, cross-reference with global watchdogs like Reuters, and dip into social media for grassroots pulses-X threads from techies dissected the permissions in real-time. When alarms blare, amplify: the Sanchar Saathi uproar snowballed via petitions and op-eds, forcing the U-turn in under a week.

Voice concerns and rally behind advocacy powerhouses. The Internet Freedom Foundation (IFF), a digital rights sentinel, led the charge here, issuing fiery statements and mobilizing signatures against the mandate. Similarly, the Manushya Foundation, focused on human rights in tech, has flagged such apps as vectors for disproportionate harm to marginalized users, urging inclusive reforms.

How can it be done?

Executing these countermeasures spans personal tweaks, institutional guardrails, and sociocultural sea changes. Personally, reclaim control: audit app permissions ruthlessly. On Android, burrow into Settings > Apps; on iOS, toggle off camera/storage access post-install. Opt for the web version of Sanchar Saathi for IMEI checks, bypassing the app entirely. Layer on tools like VPNs or privacy-focused browsers to mask network trails. Institutionally, push for legislative bulwarks: India’s Digital Personal Data Protection Act (DPDPA) is a start, but it needs teeth—mandatory data minimization clauses and independent audits for government apps.

Lobby via MPs or bodies like TRAI for “privacy by design” mandates, ensuring apps like Sanchar Saathi ship with granular consents, not all-or-nothing gates. Socially and culturally, normalize privacy as a right, not a luxury: schools could weave digital literacy into curricula, teaching kids to question permissions like they do strangers at the door. Campaigns—think IFF’s viral social drives—can stigmatize data gluttony, fostering an ethos where “I don’t consent” is as empowering as “I vote.”

Conclusion

To conclude, let us pose the question: ‘Is this something to be concerned about?’ Unequivocally, yes—because it tests the fragile pact between state security and citizen liberty. The DoT’s announcement unleashed a torrent of pushback: IFF branded it a “direct attack on privacy,” opposition voices in Parliament decried it as surveillance creep akin to Pegasus spyware, and even Apple reportedly mulled legal defiance. The web portal and free IMEI checkers already deliver most functions sans the invasiveness, underscoring the app’s non-essential edge. Sure, an integrated fraud-buster has merits in a scam-plagued landscape, but at what cost? The rollback—allowing uninstalls—stems the bleed, yet permissions are an Orwellian undertow.

By: Mavahib Drabu

 The author is a Cyberpsycologist, interested in user experience research. He explores issues on the intersection of psychology, human-computer interaction, and digital systems

References:

Chawake, A. (2025) 'Sanchar Saathi app: All the data govt-mandated app collects from your phone,' The Indian Express, 3 December. https://indianexpress.com/article/technology/tech-news-technology/sanchar-saathi-app-preinstalled-android-ios-privacy-security-concerns-10397922/.

DoT issues directions for pre-installation of Sanchar Saathi App in mobile handsets to verify the genuineness of mobile handsets (2025). https://www.pib.gov.in/PressReleasePage.aspx?PRID=2197140®=3&lang=2 (Accessed: December 6, 2025).

Kaushik, K. and Schipani, A. (2025) India demands installation of government app on all smartphones. https://www.ft.com/content/fe70b9ec-755b-44c6-a024-edbf4e178e52 (Accessed: December 6, 2025).

Digital Rights | Manushya Foundation (no date). https://www.manushyafoundation.org/digital-rights (Accessed: December 6, 2025).

Sanchar Saathi - Apps on Google Play (no date b). https://play.google.com/store/apps/details?id=com.dot.app.sancharsaathi&hl=en-US (Accessed: December 6, 2025).

Sanchar Saathi App Privacy Policy (no date). https://sancharsaathi.gov.in/Home/app-privacy-policy.jsp (Accessed: December 6, 2025).

Tech Desk, Financial Express (2025) 'What is Pegasus spyware? Congress MP Karti Chidambaram comparing it with Sanchar Saathi app,' Financial Express, 5 December. https://www.financialexpress.com/life/technology-what-is-pegasus-spyware-congress-mp-karti-chidambaram-comparing-it-with-sanchar-saathi-app-4062690/ (Accessed: December 9, 2025).