Opinion | India Still Needs Something Like Sanchar Saathi - Just Not Like This

(The Centre's now-withdrawn order mandating all smartphone manufacturers to pre-install the Sanchar Saathi app kicked up a massive storm. This is a counter-view to Vir Sanghvi's column Sanchar Saathi Mess: 5 Lessons From The Centre's Spectacular Misfire)

On November 28, 2025, the Department of Telecommunications (DOT) mandated that all smartphone manufacturers pre-install the government's Sanchar Saathi app on every device sold in India, with explicit instructions that its functionality remain visible, accessible, and unrestricted. Then came the reversal: just four days later, on December 2, Telecom Minister Jyotiraditya Scindia declared the app entirely "optional" - users could delete it whenever they wished. Now, in the latest, the government has officially withdrawn the order mandating the pre-installation of the app. 

These contradictions reveal troubling confusion about the initiative. But it also obscures an important truth: the government's cybersecurity intent is both genuine and urgent. The question is not whether we need robust fraud prevention mechanisms, but whether this particular approach respects constitutional boundaries while achieving those security goals.

The timing of this directive was no accident. India is experiencing what authorities describe as a "peak menace" of digital fraud. The Supreme Court recently took suo motu cognisance of digital arrest scams, directing the CBI to lead a nationwide investigation after victims collectively lost approximately Rs 3,000 crore. These scams involve fraudsters impersonating law enforcement officials through video calls, displaying forged Supreme Court orders, and terrorizing victims-particularly senior citizens-into transferring life savings. Chief Justice Surya Kant noted that the court intended to deal with scamsters "with iron hands," emphasizing that such crimes strike at "the very foundation" of trust in the judiciary. The Court directed that all FIRs be handed over to the CBI, granted the agency authority to investigate bank officials under the Prevention of Corruption Act, and mandated that IT service providers cooperate fully.

A Necessary Step

Against this backdrop, the government's push for Sanchar Saathi becomes comprehensible. The app provides tools to report fraudulent communications, check unauthorized SIM cards, verify IMEI authenticity, and block stolen devices. Over 15 million people had already downloaded it voluntarily in the past 15 months, and the app is available in all vernacular languages. Downloads of Sanchar Saathi jumped tenfold on December 2, rising from a daily average of 60,000 to nearly 600,000-suggesting both genuine public concern and regulatory pressure.

Clearly, the government's cybersecurity intent was genuine and commendable, but its execution raised constitutional questions. Privacy concerns warrant examination here. The Puttaswamy judgment delivered in 2017 established privacy as a fundamental right. Any state intrusion into informational privacy must satisfy three tests: legality, legitimate aim, and proportionality.

• On Legality: The government operates within its authority to issue directives based on executive rules under the Telecommunications Act 2023, but constitutional doctrine demands more substantial legislative authority for such intrusive measures.
• On Legitimate Aim: Device security and fraud prevention certainly qualify as compelling state interests. The digital arrest scam crisis and the Supreme Court's extraordinary intervention demonstrate that the threat is real and pressing. The government's cybersecurity objective is not only legitimate but necessary.
• On Proportionality: The directive becomes problematic. Could identical outcomes be achieved through less intrusive alternatives? The answer is demonstrably yes. The app was already available with 15 million voluntary downloads. Following the directive and subsequent publicity, downloads surged to 600,000 in a single day, proving that awareness campaigns drive adoption. The app could be prominently featured during device setup without being compulsory.

Despite government assurances, the app's technical architecture required greater governance transparency. On Android devices, Sanchar Saathi requests access to call and SMS logs, phone management capabilities, camera, and storage. DoT sources explain that the app seeks permission to make calls to check the active SIM before registration, and to send SMS for verification-similar to banking apps.

The Missing Links

What's missing is comprehensive published governance protocols. Where is the detailed data retention policy? How long does the government store IMEI numbers? Who can access this centralized database, and under what authorisation mechanisms? What are the audit procedures? DoT sources stated that Sanchar Saathi has limited access to phone data, "and that too only to the extent citizens permit it in each interaction." This interaction-based permission model is privacy-protective, but requires formal documentation and external audit to build public trust.

This is not a binary choice between security and privacy-both are achievable with superior institutional design. The government's cybersecurity objective deserves support; the implementation method needs refinement.

• First, leverage awareness. A single day of publicity drove downloads from 60,000 to 600,000. Sustained campaigns explaining digital arrest scams, combined with prominent app placement during device setup, could achieve widespread adoption voluntarily.
• Second, integrate at the OS level. Through manufacturer partnerships, IMEI verification, device authenticity checks, and stolen phone blocking could become native OS features without requiring a separate government app with its own permission structure. This approach-already employed in iOS's Find My Device and Android's built-in security features-achieves security objectives while minimizing data collection.
• Third, implement network-side controls. The Supreme Court has already directed the DOT to submit proposals regarding the issuance of multiple SIM cards under a single name. Operators can detect cloned IMEIs, verify device authenticity, and flag suspicious patterns through network analysis without collecting granular user data.
• Fourth, anchor it in proper legislation. Given the Supreme Court's extraordinary involvement in the digital arrest scam crisis, Parliament should enact comprehensive cybercrime prevention legislation. This would provide democratic legitimacy, mandate clear data protection standards, specify retention limits, establish audit requirements, and create judicial oversight mechanisms.

The government's contradictory messaging - mandatory pre-installation followed by declarations of voluntary usage - may reflect genuine tension between security urgency and constitutional requirements rather than cynical manoeuvring. The digital arrest scam crisis is real, confirmed by the Supreme Court's unprecedented intervention. The government's desire to rapidly deploy protective tools is understandable given that vulnerable citizens are losing life savings.

But constitutional democracies navigate such tensions through institutional discipline, not by circumventing fundamental rights. The Puttaswamy framework exists precisely to ensure that even urgent, well-intentioned state action remains bound by principle. The path forward requires neither abandoning security objectives nor accepting constitutional shortcuts.

Balance Is Possible

Strong cybersecurity and robust privacy protection are not opposites - they're complementary goals requiring thoughtful institutional design. The question isn't whether Sanchar Saathi serves a legitimate purpose - it clearly does. The government only has to see that the implementation method respects the fundamental architecture of rights that distinguishes a constitutional democracy from an administrative state, and whether less intrusive alternatives could achieve the same security outcomes. Given the demonstrated power of awareness-driven voluntary adoption and the availability of system-level security integrations, the answer suggests a better path exists - one that serves both security and constitutional values.

(Subimal Bhattacharjee advises on technology policy issues and is former country head of General Dynamics)

Disclaimer: These are the personal opinions of the author