SFLC.in’s Statement on Sanchar Saathi App
On 28th November 2025, the Department of Telecommunication issued a direction mandating the pre-installation of the Sanchar Saathi App (“App”) on all mobile handsets manufactured or imported for use in India, ostensibly to verify the genuineness of mobile handsets. Simultaneously, for all devices manufactured or in sales channels, the app is to be pushed by way of software updates. The App allows the user to report suspected fraud communication, block lost/stolen devices, know all mobile numbers issues in their name with the ability to flag unauthorized connections, know the genuineness of the device through IMEI scanning, and to report international calls made with Indian numbers. Through the App, the government intends to verify device authenticity, block stolen phones, track lost devices, identify fraudulent SIM- linked connections and curb black market resale of phones. While these are legitimate concerns, forcing a State-run app onto every device does not meaningfully solve the problems in question, but rather puts users at higher risk by placing large quantities of their sensitive data accessed through overbroad system permissions on the servers of a single application.
Upon installation, the App requests several permissions, including access to call and SMS logs, the ability to- send SMS messages, read SMS or MMS, grant read access to users call logs, read phone state and identify phone management, camera and file access, to enable automated reporting and device verification and read/modify/delete external storage contents. According to the DoT, these permissions allow the app to prefill details when reporting suspicious communications, send the required registration SMS, upload documentation for stolen-device reports, and scan IMEI barcodes.
By forcing it to be pre-installed on every new phone, and also not allowing users to uninstall the App, under the guise of ‘safety’, the government will have access to the vast amounts of data collected by the application. There are prima facie concerns of function creep, as the application cannot be deleted or uninstalled by users. Future updates could quietly expand the app’s capabilities, deepen integration with law-enforcement databases, or enable background telemetry far beyond users’ expectations. The mandatory pre-installation impinges on the element of user consent by disallowing them the right to choose the application and also undermines user privacy. If users have no ability to uninstall or effectively disable the app, consent becomes a mere formality. Instead of opting into a government service, users are forced to accept the State’s presence on their phones. Further the App likely fails the test of proportionality laid down in the case of Justice K.S. Puttaswamy v. Union of India (2017). According to the test of proportionality any intrusion to the right to privacy must meet the standards of legality, legitimate state aim, necessity and proportionality. A pre-installed App with expansive powers to collect data causes intrusion to digital personal life of citizens beyond the purpose it serves to achieve ,especially when users are not given a meaningful choice to opt out. The Direction noticeably fails the test of necessity, by ignoring less-intrusive measures. Several alternative measures are available to address the problem of cybercrime and fraud- including the Sanchar Saathi web portal, and various government platforms and helplines available online to report cybercrime and frauds. The Direction and the App also fail to highlight awareness building measures- which are equally important to tackle the issue of cybercrime and frauds.
Further, even if, as some news reports suggest, users may eventually be able to delete the app, the problem of coerced pre-installation remains. Not every user has the digital literacy to understand permissions, manage privacy settings, or even realize the implications of such access. Once forced onto devices, the imbalance of power between the State and the user cannot be undone by the option to delete later. Furthermore, the presence of a mandatory App by the government on every device increases concerns of surveillance and data mining, and heightens fear for journalists, minority communities, and human rights defenders. The presence of such an App itself can exacerbate a chilling effect on users and such users may censor themselves or limit their engagement in digital civil spaces in the fear of unwarranted access to sensitive information.
Adding a mandatory system-level app on all devices also creates significant cybersecurity risks, as any vulnerability within the system can be exploited at scale. A single loophole in Sanchar Saathi could expose millions of phones to hacking, data theft, or the injection of spyware, particularly because attackers routinely target pre-installed apps precisely due to the fact that users cannot remove them.
SFLC.in urges the Department of Telecommunication to halt operationalisation of the Direction and reconsider its severe implications on democratic governance, maintenance of public trust and transparency from the State, towards the people of India.
About SFLC.in
SFLC.in is the first Indian legal services organization that works exclusively on technology, law, and policy. As a not-for-profit organization engaged in the empowerment of Indian citizens of their digital freedom and rights, it operates as a collective bringing together different stakeholders to a common platform to further the cause of digital rights. We promote innovation and open access to knowledge by helping policy makers make informed and just decisions regarding the use and adoption of technology.
2nd December 2025
