DoT Order to Pre-Install Sanchar Saathi App 

Why Is It in the News?

• DoT issued a mandatory order directing all smartphone manufacturers to pre-install the Sanchar Saathi app on every device sold in India.
• Triggered political backlash (Opposition leaders calling it unilateral, undemocratic).
• Digital rights activists raised concerns over privacy, informed consent, and surveillance.
• Experts warned that pre-installed, non-removable apps can access OS-level permissions, creating potential pathways for malware/spying.

Relevance

GS-II: Governance

• Executive overreach vs citizen rights; informed consent; digital governance ethics.
• Accountability gaps: absence of statutory backing for mandatory apps.
• Public consultation deficits in tech regulation.

GS-II: Polity (Fundamental Rights)

• Right to Privacy (Puttaswamy test: legality–necessity–proportionality).
• Surveillance concerns, metadata collection, state intrusion.

GS-III: Cybersecurity

• Risk of system apps with OS-level permissions.
• Threat surface expansion; malware vector risks; IMEI–identity linking.

What is Sanchar Saathi?

• Launched by DoT in 2023 as a web portal, later upgraded to a mobile app.
• Objective: Counter telecom fraud, enable blocking of stolen devices, verify IMEI authenticity.
• Key functions:
  • Report fraudulent calls/number misuse.
  • Check IMEI genuineness via CEIR.
  • Request blocking/unblocking of stolen/ lost phones.
  • Monitor numbers linked to a single identity (TAFCOP component).

What Does the New DoT Mandate Require?

• Pre-installation on all new smartphones sold in India.
• Likely non-removable, as most pre-loaded system apps are integrated into OEM firmware.
• No public consultation before mandating.
• Not backed by a specific Act of Parliament.

Why Did Government Push It? (Official Rationale)

• Sharp rise in online fraud, “digital arrest” scams, impersonation and cross-border cybercrime.
• Increase in IMEI spoofing, sale of fake devices.
• App-based services like WhatsApp/Telegram can function even when SIM credentials change → traceability gap.
• Aim: strengthen device-SIM-identity link and support real-time cybercrime response.

Concerns Raised (Governance, Legal, Technical)

A. Governance Concerns

• Absence of consultation with industry/citizens.
• Mandatory installation contradicts the principle of informed consent.
• Risks of normalising state-pushed software on personal devices.

B. Legal and Constitutional Concerns

• Must pass Puttaswamy (2017) tests:
  • Legality: no explicit law authorising such surveillance-enabling installations.
  • Necessity: alternatives available (portal/SMS verification).
  • Proportionality: intrusive, continuous access to device metadata possible.
• Could blur lines between regulation and surveillance.

C. Technical & Cybersecurity Concerns

• Pre-installed apps often gain OS-level privileges (system apps).
• Users often cannot uninstall them → persistent capability.
• As cybersecurity expert Anand Venkatanarayanan noted:
  • Once an app has system-level access, an over-the-air update can give it deeper permissions.
  • Creates a potential single point of failure if app is compromised.
• Government becomes a potential malware vector—a major red flag.

D. Risks of Abuse

• Potential for continuous digital supervision (CPI-M MP John Brittas).
• Could enable mass metadata collection across millions of devices.
• History of spyware allegations (Pegasus) intensifies distrust.
• Manufacturer pushback: compromises secure OS architecture (Apple’s protest expected).

Broader Implications

• Expands executive authority without legislative scrutiny.
• Sets precedent: government apps may be forced on all devices in future.
• Could impact India’s reputation on digital rights and data protection.
• Could weaken India’s cybersecurity posture if exploited by threat actors.

International Practices

• Democratic countries rarely mandate pre-installed government apps.
• Exceptions:
  • South Korea’s disaster alert apps (voluntary install, not system apps).
  • Covid apps globally were voluntary (UK, EU, Japan).
• India’s approach resembles state-led firmware intervention, not standard global regulation.

Critical Overview

Strengths (Limited but Relevant)

• Helps combat rising telecom fraud.
• Facilitates faster IMEI tracking.
• Streamlines reporting of stolen devices.

Major Weaknesses

• Disproportionate → security benefits achievable without deep device intrusion.
• Undermines autonomy and informed consent.
• High systemic cybersecurity risk.
• Weak accountability → no statutory oversight.
• Diminishes trust in government technology.

Way Forward

• Shift from mandatory to opt-in installation.
• Run Sanchar Saathi as a service layer, not firmware layer.
• Enact a statutory framework defining digital surveillance limits.
• Conduct third-party security audits, open-source app code.
• Keep IMEI–SIM linkage at the telecom backend, not user device.
• Launch transparent public consultation with industry, civil society.

Conclusion

The DoT’s move stems from a genuine rise in cybercrime but adopts a legally weak, technologically intrusive, and governance-deficient route.
Mandatory pre-installation transforms a user’s smartphone into a potential instrument of persistent digital oversight. The policy must be redesigned along principles of proportionality, transparency, and privacy-by-design.

---