Delhi: The Government of India’s directive requiring the preinstallation of the Sanchar Saathi application on all smartphones marks a critical inflection point in the country’s digital governance framework.
According to the Department of Telecommunications, the app is designed to help users verify device authenticity, block stolen phones and identify fraudulent SIM cards. Its stated purpose is crime prevention. Yet the mechanism chosen to deliver these benefits represents a far deeper structural shift. A government-controlled application, embedded at the system level and granted permissions that expose telephony metadata, effectively creates a persistent state presence inside every smartphone.
The gap between official justification and technological implementation reveals the core tension. The government frames Sanchar Saathi as a convenience feature. In practice, its architecture enables the possibility of population-level metadata access. This contradiction is not philosophical. It is infrastructural.
The official rationale and its unresolved contradiction
According to the Press Information Bureau’s release on 28 November 2025, the amended Telecom Cyber Security rules require every smartphone manufacturer to preload Sanchar Saathi and ensure that it remains visible and functional upon first use. The directive applies to devices already in the supply chain through software updates. This is not a recommendation. It is a binding mandate.
Amid public criticism, Telecom Minister Jyotiraditya Scindia attempted to defuse concerns, telling The Economic Times that the app is optional and can be deleted, and that its purpose is limited to fraud prevention. However, this assurance does not alter the legal text of the directive. Technical implementation follows the directive, not the press conference. The ministerial reassurance and the regulatory order therefore remain in unresolved contradiction.
The permissions architecture exposes a deeper risk
According to the Sanchar Saathi privacy policy available on sancharsaathi.gov.in, the app requests permissions that include making and managing phone calls, sending SMS, reading call logs, accessing SMS logs, viewing stored media and using the camera. Independent analyses by Jagran and MediaNama confirm that these permissions are both present and functional.
These permissions matter because they expose highly sensitive metadata. Call logs reveal the structure of a person’s social network. SMS logs reveal communication patterns. Device identifiers can map mobility histories. According to a peer-reviewed study by de Montjoye and colleagues in Scientific Reports, even four spatio-temporal data points are sufficient to identify most individuals in a large dataset. Metadata is therefore not a harmless alternative to content. It is a powerful substrate for profiling, inference and reidentification at scale.
When the state mandates that such a tool reside on every device, it creates the potential for systemic metadata surveillance, regardless of stated intent. In a democratic society, the existence of such an architecture, not merely the assurances that accompany it, determines its risk.
System-level installation turns the app into infrastructure
Android platform documentation makes clear that system applications enjoy elevated privileges compared to user-installed apps. They can bypass certain permission checks, resist user removal and integrate more deeply with telephony APIs. When the DoT directive instructs manufacturers to ensure that core functionalities cannot be disabled, it extends the mandate beyond service delivery. It embeds the service into the device.
This is why the minister’s claim that the app can be deleted is technically ambiguous. Removing an icon does not necessarily remove the underlying package, its forensic footprint or its telephony hooks. On many devices, removing a system application requires rooting, which voids warranty protections and exposes users to security risks. For ordinary citizens, deletion becomes a symbolic rather than functional option.
Apple’s refusal clarifies the scale of intrusion
According to Reuters, Apple informed the government that it would not comply with the mandate because iOS does not permit third-party applications to access call logs or manage telephony functions. The Verge reports that Apple argued the mandate violates its core privacy design principles.
The refusal is instructive. It demonstrates that the intended integration is incompatible with high-standard privacy models. The objection was not political. It was architectural. Android permits deeper telephony access. iOS does not. As a result, Indian citizens who rely on more affordable Android devices will be exposed to levels of state-integrated access that would be technologically impossible on iPhones.
The policy thus creates a two-tier privacy regime based not on constitutional protections but on economic capability.
Governance gaps magnify the structural harm
Digital rights organisations, including the Internet Freedom Foundation, argue that the Sanchar Saathi mandate lacks adequate legal safeguards, as reported by The News Minute. India still lacks a fully independent data protection regulator with robust investigative powers. Without such an authority, assurances that data will be used only to prevent fraud remain unenforceable.
The Sanchar Saathi privacy policy states that user data may be shared with law enforcement when “required by law,” a clause devoid of statutory specificity. Without judicial oversight, mandatory transparency reports, access logs or data retention limits, this clause risks becoming an open conduit for expanded surveillance.
Historically, systems introduced for narrow safety purposes have often widened in scope once integrated into state infrastructure. Without independent regulatory checks, mission creep becomes a predictable risk rather than a remote possibility.
Metadata architecture cannot be separated from political context
Intent and capability must be viewed separately. While the government may intend only to prevent fraud, the architecture it has mandated enables population-level metadata capture. Once such a system exists, future governments, intelligence agencies or law enforcement units may find ample incentives to expand its use.
A system-level application present on every smartphone becomes an attractive instrument for political profiling, protest monitoring, counter-terror operations or targeted social control. Absent strong institutional constraints, these incentives tend to prevail over initial assurances.
Democracies therefore build systems with inherent limitations rather than trusting voluntary restraint. A right that depends on discretion is not a right. It is a privilege that can be revoked.
Proportionate alternatives already exist
According to official CEIR documentation, IMEI verification and device blocking already operate through web platforms and SMS commands. These services do not require deep telephony permissions.
A more proportionate design would include making Sanchar Saathi entirely opt-in, restricting its permissions to camera access for barcode scanning and network access for reporting, publishing its full source code for independent audit, imposing statutory limits including judicial oversight for any law-enforcement access and prohibiting manufacturers from placing the app in system partitions.
These measures would preserve the legitimate aim of fraud prevention while avoiding the hazards of systemic device-level integration.
The issue is not intent. It is architecture.
According to the government, Sanchar Saathi is a digital safety tool. According to the directive, it is a compulsory system-level component. According to the minister, it is optional. According to its permissions, it exposes sensitive metadata. According to industry analyses, it violates privacy architecture norms. According to civil society, it lacks sufficient oversight.
All of these claims cannot be true at the same time.
India is at a decisive moment. The country can choose a rights-respecting model of cyber safety, grounded in transparency, consent and minimal privilege. Or it can choose a model that embeds a permanent state interface into the personal devices of more than a billion people. In its current form, Sanchar Saathi moves India toward the latter. That path requires far greater scrutiny before it becomes internalised as normal.
A democracy protects citizens not only from fraud but also from the silent expansion of unregulated state power. To maintain that balance, the Sanchar Saathi mandate must be reconsidered and redesigned with constitutional principles at its core.
