‘A permanent surveillance backdoor’: Why Sanchar Saathi app order raises privacy fears

The Union government's direction on Friday that all mobile handsets sold in India should have a state-owned app pre-installed has elicited alarm from lawyers and digital rights groups, who contend that this could allow the authorities to spy on citizens.

The government requiring its Sanchar Saathi app to be forcibly installed on all mobile phones is a “serious breach of privacy”, said Prateek Waghre, former Executive Director of Internet Freedom Foundation, a Delhi-based digital rights think tank.

“With complete disregard for their consent, people aren't being given a choice to prevent the forced installation of this application,” he said.

Bharat Chugh, Delhi-based lawyer and former civil judge, described the order as “Orwellian”, given the scope for state snooping. “A non-removable app which may have access to calls, messages, and storage risks creating a permanent surveillance backdoor,” he said.

The government claimed that its order under the Telecom Cyber Security Rules, 2024, is part of a broader push to “curb the misuse of telecom resources in cyber frauds” and to strengthen “telecom cyber security” across the country. Specifically, the order lays out that it would prevent spoofing of a device's international mobile equipment identity number: a 15-digit number unique to each mobile phone.

Till now, the Sanchar Saathi app could have been downloaded voluntarily. Government data claims that more than one crore Indians are already using the app.

Apart from forcible installation on new phones, the government directive orders device manufacturers to make sure none of the app's features can be “disabled or restricted”. For phones that have already been made and are currently being sold in India, it says that “manufacturers and importers” should install the app “through a software update”.

Though purportedly intended only to prevent IMEI spoofing, the Sanchar Sathi app, once installed, can take pictures and videos, read call logs, view as well as send SMSes, read and write into the phone's storage and even control the phone's torch.

The Internet Freedom Foundation said in a statement that “forcing every smartphone to carry a permanent government app for a simple verification task is excessive and violates the Puttaswamy proportionality standard”.

The standard to which they were referring was established in 2017, when a nine-judge bench of the Supreme Court of India unanimously held in Justice KS Puttaswamy (Retd) v Union of India that the right to privacy is a fundamental right.

The Supreme Court ruled that any restriction on privacy must be supported by a valid law, serve a “legitimate public purpose” such as national security or public interest and be “proportionate”, meaning the intrusion is necessary, limited and uses the “least intrusive way” to achieve the goal.

The Internet Freedom Foundation stated that even if one assumes the government's order is legal and necessary for checking whether a phone's IMEI number is genuine, it “fails the proportionality test”. This is because the government already has other, less intrusive tools to verify IMEI numbers without needing a permanent app on every device.

Supreme Court lawyer Sanjay Hegde agreed. “As per KS Puttaswamy, the extent of intrusion can only be that which is necessary,” he said. “Here in the garb of security, the intrusion is vast, unfettered, unguided and is totally disproportionate. The app ought to be struck down on that account.”

The nature of a modern mobile phone and the vast access it has to private data makes this order very troubling, experts said.

“Tomorrow, an upgrade could mean the state has access to virtually your digital self and you will have no autonomy at all,” explained Ashish Goel, a lawyer based in Delhi and an expert in constitutional law.

Bharat Chugh said that without clear legal limits or a strong data protection law, forcing Sanchar Saathi risks turning every smartphone into a surveillance tool without any guardrails. “While preventing handset fraud is undoubtedly a legitimate objective, this approach is far from the least intrusive option available,” he said.

This level of state surveillance might be unprecedented in a democracy. “To the best of my knowledge, no other liberal, democratic country have attempted such a measure under the guise of cyber safety,” Prateek Waghre of the Internet Freedom Foundation said, describing it as the start of a new wave of app-based government surveillance. “This also potentially paves the way for the government of India mandating installation of even more intrusive and problematic applications in the future.”

There is a serious issue of consent, Chugh pointed out. “In the digital age, meaningful consent requires real choice,” he said. “Here, users cannot opt out, uninstall, or restrict the app, which erodes both privacy and autonomy by reducing individuals to passive subjects of state surveillance.”

In addition, Chugh noted that the directive is opaque and provides no clear legal framework for such sweeping control over a user's mobile device. “It has not been debated in Parliament, and there is no judicial or independent oversight to govern the app's operation, future updates or data use,” he said. “This absence of procedural safeguards is deeply troubling.”

Apar Gupta, a lawyer in Delhi and founder-director of the Internet Freedom Foundation, explained that the app itself might lead to more digital vulnerabilities. “Putting a single, privileged government app on hundreds of millions of devices creates a very attractive target,” he told Scroll. “Any vulnerability or misconfiguration in that app becomes a systemic risk, not an isolated bug.”

The Internet Freedom Foundation said the concerns grow more intense when the order's scope and lack of safeguards are examined. The government uses “telecom cyber security” as a broad justification, but does not clearly define what the app is allowed to do, it said.

It added that rules also refer to preventing acts that “endanger telecom cyber security”, a vague phrase that could allow the app's functions to expand over time.

According to Internet Freedom Foundation, while the app may currently appear to be a basic IMEI checker, an update could easily turn it into a tool to scan a user's mobile phone allowing for the government to detect VPN use, track SIM activity, read SMS logs or track apps it has banned.

VPNs or virtual private networks securely connect users to the internet, protecting them from being tracked or their data being taken.

On social media, founder and editor of technology policy website Medianama, Nikhil Pahwa, illustrated just what this ability to control a user's mobile phone would look like. “A government application can also be used to implant files on your device,” he said. “[It] has happened before, in the Bhima Koregaon case where documents were allegedly put on laptops and used to frame a conspiracy.”

The Bhima Koregaon case relates to the investigation and arrests that followed violence on January 1, 2018, near the village of Bhima-Koregaon in Maharashtra. The violence broke out a day after the Elgaar Parishad, an event in Pune organised by activists, lawyers, and cultural groups to mark a historic Dalit victory over the Maratha army in 1818.

A report by a US-based digital forensics firm said that a hacker planted 22 incriminating files on accused activist Rona Wilson's computer after the Bhima-Koregaon violence in January 2018, Article 14 reported in 2021.

These files were later used by the Pune police and then the National Investigation Agency as key evidence, leading to the arrest of Wilson and 15 others, including lawyers, academics and musicians in the case, the report said.

Source: Scroll
Related Posts: How your sleep direction impacts your energy Shah Rukh Khan Reveals Bobby Deol Complained About Aryan Khan's Direction Judicial direction to reduce GST on air purifiers violates separation of powers TVK moves SC against Madras HC's SIT probe direction Trump says Europe ‘not heading in the right direction’ as he addresses Davos summit amid standoff over Greenland Apple’s chosen direction for all things incoming Soccer-Juventus heading in right direction Union Budget 2026 Date Set For Sunday As Key Panel Clears Parliament Calendar Date, time and where to watch the Union Budget speech live Bigger problem is stunning silence of Union Govt