Mint Explainer | What was behind the now-on, now-off Sanchar Saathi decisions

Sanchar Saathi is a spam-reporting portal. Experts questioned how the app would proactively protect users against cyber fraud, while the Centre maintained its decision to make it mandatory was in response to rising digital scams across the country. Now that the application is optional again, a key question is: Can Sanchar Saathi meaningfully crack down on digital scams in India? Mint explains.

What was the thinking behind a mandatory app?

Launched in May 2023, Sanchar Saathi, developed and maintained by DoT, is a platform that allows users to voluntarily report loss or theft of mobile phones and duplication of SIM cards.

In March last year, the ministry of communications expanded its usage through ‘Chakshu’, a platform to report fraud and spam callers, with law enforcement and telcos using it to blacklist callers and devices.

On 28 November, the DoT issued notifications to phone brands, asking them to mandatorily pre-install Sanchar Saathi as an app on smartphones within 90 days. The DoT said that “mobile handsets bearing duplicate or spoofed IMEI pose serious endangerment to telecom cyber security". IMEI or international mobile equipment identity is a unique 15-digit number that identifies each mobile device.

The Centre claimed that Sanchar Saathi does not collect personal data, despite the application requesting permission to access user call logs and read SMSes.

Union telecom minister Jyotiraditya Scindia told reporters on Tuesday that the Centre is responsible for making citizens aware of the app, and that it is “designed to protect them from digital frauds and theft".

On Wednesday, the Centre said in a statement that Sanchar Saathi will no longer be a mandatory application to install on smartphones. “Just in the last one day, 6 lakh citizens have registered for downloading the App which is a 10x increase in its uptake. This is affirmation of faith by citizens on this App for protecting themselves provided to them by the Government. Given Sanchar Saathi’s increasing acceptance, the Government has decided not to make the pre-installation mandatory for mobile manufacturers," the department of telecommunications (DoT) said.

What changed on the mandatory condition?

The original notification, a copy of which Mint has seen, said that phone brands must ensure that Sanchar Saathi’s functionalities “are not disabled or restricted." This created concerns around government-backed surveillance.

The DoT had softened its tone on Tuesday. Scindia, speaking with reporters after a Parliament session, said, “The app is completely optional. If you want to delete it, you can. If you don’t wish to register, you shouldn’t and can remove it anytime."

A senior official added that the mandate to not disable the app was “directed only for brands, not users".

Controversy erupted after brands stated that they would seek discussions with the Centre, and privacy lawyers questioned the intent of making a government-backed application mandatory.

On Wednesday, Sanchar Saathi, which remains available on Google’s Android Play Store and Apple’s iOS App Store, was announced as a voluntary choice.

What next for Sanchar Saathi?

The Centre has not clarified if there will be further discussions. Given that the decision to make the application mandatory has been nullified, brands will no longer be required to comply with the directive within 90 days. Existing smartphones should not receive any forced downloads of the app in future software updates.

The move came after people close to Apple, Google and Samsung on Monday told Mint they were evaluating ways to push back against the diktat, citing both compliance concerns, as well as a potential breach of user privacy and the right to choose.

Could Sanchar Saathi really block out scammers in the first place?

Sanchar Saathi is a voluntary reporting platform where users can register complaints if they receive fraud calls. Privacy experts believe Sanchar Saathi is not a cybersecurity tool, and thus cannot really block cyber criminals.

Sumeysh Srivastava, partner at policy consultant The Quantum Hub (TQH), said that the app “can’t automatically scan IMEIs without user inputs, and even if it could, anyone looking to commit fraud could simply use older devices or root their phones to remove the app."

Phone brands, hence, raised concerns that the app isn’t truly useful for what it was claimed to be, thus raising state-backed surveillance concerns.

Are surveillance fears justified?

Experts called the move “intrusive" at the least. TQH’s Srivastava, said the app accesses call logs, SMS messages and camera—each of which involve personal data.

N.S. Nappinai, senior counsel at the Supreme Court, said, “The government’s hasty action violating constitutional fundamentals and its attempts now at digressing from its own directions with respect to disabling or restricting the functionalities of the app are both most unfortunate."

A second senior cyber security lawyer, requesting anonymity, added that mandatorily installing the app is “quite the opposite of what the new privacy law promised, irrespective of Sanchar Saathi surveilling citizens or not."

DoT, late on Tuesday, claimed on X that Sanchar Saathi “collects no personal data and tracks nothing." The lawyer cited above countered that it would be “technically impossible to crack down on calls without collecting and tracking personal data."

Nappinai further said that the Sanchar Saathi debacle “will definitely be seen to dilute the Centre’s own stand on data minimisation and its seriousness with respect to State complying with data protection laws."

“Seeking an individual’s permission before installing an app, and telling them they have the liberty to uninstall—do not stand on the same footing. One follows consent frameworks, whereas the other first violates and then claims to give an opt-out. For instance, if I cannot update software before permitting the app to be downloaded on my phone, my right to consent is already violated. The question of first forcing me to download an app and to then ask me to delete it is obviously specious and untenable," she added.