What Is India's Controversial Sanchar Saathi Cyber Safety App?

Overview of the Mandate

India has implemented a new regulation requiring smartphone manufacturers to preinstall a government-developed cyber safety application on all new devices. This move has sparked significant controversy, raising concerns about potential government surveillance in one of the world's most populous countries. The app, known as Sanchar Saathi or Communication Partner, has become a focal point for discussions involving major tech companies such as Apple, Samsung, and Xiaomi.

Features of the Sanchar Saathi App

Sanchar Saathi is currently available in both Apple and Android app stores, and it is marketed as a user-friendly safety tool. It offers several functionalities aimed at enhancing mobile security. Users can block and track lost or stolen phones using the device's unique International Mobile Equipment Identity (IMEI) number. Additionally, the app allows users to check how many mobile connections are registered under their name, which helps in identifying and disconnecting fraudulent numbers used in scams.

The app also includes tools to report suspicious calls and verify the authenticity of used devices before purchase. These features are designed to provide users with greater control over their mobile security and privacy.

New Regulatory Requirements

On November 28, India's telecom ministry issued a directive to all smartphone manufacturers, requesting them to preload the Sanchar Saathi app on all new devices. The app must be "visible, functional, and enabled" upon first setup. The requirement also mandates that users cannot disable or restrict the app's features. For already manufactured devices, companies are required to install the app through software updates.

An industry source mentioned that software updates would eventually roll out the app to existing phone users, potentially reaching over 735 million people. The government claims this mandate is essential to combat the "serious endangerment" of telecom cyber security caused by IMEI tampering.

Data and Privacy Concerns

According to the Indian government, the Sanchar Saathi app has been downloaded over 10 million times and has helped block more than 4.2 million stolen or lost phones while terminating over 30 million fraudulent mobile connections. The government asserts that the app does not automatically capture any specific personal information without user consent.

However, the app's privacy policy reveals that users will be asked to grant permission for sharing access to cameras, photos, and files for iPhones for select uses. For Android devices, users may be prompted to share call logs, send messages for registration, make and manage phone calls to detect mobile numbers in their phone, and grant access to cameras and photos.

Apple has expressed concerns about potential privacy and security vulnerabilities associated with the app. According to Counterpoint Research, over 95% of Indian smartphones run on Google's Android operating system, with the remaining on Apple's iOS.

Government Rationale and Public Reaction

The Indian government argues that criminals often clone or spoof valid IMEI numbers onto stolen devices, making it difficult to track them or block the hardware. Given India's large market for used phones, the government aims to prevent people from purchasing stolen or blacklisted devices.

This mandate has generated considerable discussion on local prime-time television and social media platforms. Privacy advocates and members of the political opposition have criticized the move, calling it an overreach of government power. The main opposition Congress Party has demanded that the mandate be rescinded, labeling it unconstitutional. The Internet Freedom Foundation, a free-speech rights group, has vowed to challenge the directive until it is rescinded.