Sanchar Saathi: Cyber Security or Cyber Panopticon?

After concerted pushback from users, privacy groups and mobile phone manufacturers, the Narendra Modi government has withdrawn its directive to compulsorily install its "modified" Sanchar Saathi app on all mobile phones. The app, initially intended for tracking stolen or lost phones, would have turned the mobile phone into an instrument for tracking the user and monitoring who he or she was talking to, their emails, and whatever was stored on the mobile.

In other words, a Pegasus equivalent app was to be installed on all mobile phones, with access to all data on the phone that cannot be removed or disabled by the user. Bharat Chugh, a lawyer and former civil judge, calling it Orwellian, said that a non-removable app that has access to calls, messages, and storage risks creating a permanent surveillance backdoor in our devices.

The original purpose of Sanchar Saathi—to locate a misplaced or stolen phone—was quite simple. A mobile has a device number, an International Mobile Equipment Identity number or IMEI, independent of the mobile number in your SIM. The Sanchar Saathi system tracks both the IMEI and the SIM numbers on any mobile device. If you have reported your mobile as lost or stolen, the IMEI number is immediately blacklisted in the Indian telecom network, and can be used only after the phone is recovered and restored to its owner.

This use of the Sanchar Saathi app had drawn no serious objections from users or the pro-privacy community. The app had a clear and narrowly defined purpose, and its installation and use were also voluntary. The problem was the expansion of the app's ambit from merely a location-tracking app for a misplaced or stolen mobile to a full-fledged surveillance tool. Such a tool would ensure that whatever the user did on the phone or online could be monitored: where he/she went physically or met—whether in person or online—could be tracked by the app.

Worse, users had no way to shut down or remove the app from their phones. In other words, the proposed Sanchar Saathi would transform the app's role from locating a mobile phone on the network to monitoring its location, turning it into a listening device that transmits this information to government authorities as desired. It would also monitor and allow government authorities to access all the user's communications on the phone, regardless of the app: WhatsApp, Signal, etc.

There are 10 central agencies, as well as the state government's police, that can tap your phone conversations, but only after due process and authorisation by the Central or state Home Secretary. Therefore, any person under the scanner for whatever reason can have his or her phone officially tapped.

What the new Sanchar Saathi app proposed went far beyond tapping into conversations people were having on the telephone network. It makes it possible for the authorities to even tap into the phone's camera or microphone, track its GPS location, and the presence of other phones in its vicinity, thereby creating a truly all-seeing eye of the State on any phone user.

Consent to install the app would not even be required; per the government's instructions, it would have been compulsorily pre-loaded by phone manufacturers on all phones sold in India. Bentham's Panopticon would then truly come to life in today's digital world, with all citizens continuously under the eye of the all-seeing state!

Jeremy Bentham, an English philosopher and jurist, considered how to construct a prison that would allow guards to continuously watch prisoners, thereby enforcing discipline. His concept was a panopticon, an architecture that would have all the prisoners under the gaze of the guards at all times. Interestingly, most prisons today have cameras, and even those under trial are under constant camera surveillance. So, Bentham's Panopticon has been achieved not through architecture but through advances in modern surveillance tools.

So, what does the existing Sanchar Saathi app do, and what were the new functionalities proposed by Department of Telecommunication or DoT, which, under public pressure, have now been withdrawn?

In an interview with The Wire, Apar Gupta of the Internet Freedom Foundation, says that using the current Sanchar Saathi app and the website, you "get to know who all are using a mobile number under your name or also if the handset you're using is genuine or not." The IMEI number, the unique identifier on the handset being sold to you, does it match the actual handset which is there on the Sanchar Saathi website, and therefore original, or whether, as we Indians say, it is a "duplicate".

What the new Sanchar Saathi proposed was to convert the cameras, microphones and the location of our phones themselves into tools of our surveillance. The mobile phone, as we know, is highly versatile. It works as a camera and a microphone and can track itself using the Global Positioning System (GPS). The proposed Sanchar Saathi app on the phone would have allowed it to access all permissions to any data on the phone.

Medianama writes, "The App requests excessive permissions, including access to contacts, audio, call data and storage modification. These permissions could potentially allow the app to install or delete files on the device, and the developers do not explain why the app requires them."

In other words, if the app's purpose is only to locate a missing or stolen device, or to verify the authenticity of your mobile device, does it require all the access controls that the DoT was asking mobile manufacturers to implement?

The DoT directive requires manufacturers to pre-install the app and prevent users from deleting or turning it off: users cannot delete or turn it off, even temporarily. The app effectively forces the mobile device to continuously monitor the user and send such data back to the Sanchar Saathi website. It would then allow the app installed on your phone to spy on you and send all this information to the government. The directive issued to mobile manufacturers, apparently on November 21, 2025, became public due to a Reuters report.

For reasons best known to the government, such a significant change in the rules was neither opened for public discussion nor disclosed to Parliament. We will not discuss here whether such substantial changes to the rules, impinging on users' rights, can be made by the government, that too in such a surreptitious manner. It was only when some of the manufacturers, Apple and Samsung, objected to the app being pre-installed that the issue became public.

Why did the mobile phone manufacturers object to the app? Their objections were two-fold. One was that it would degrade the performance of the mobile device significantly and also create many more security "holes", as it effectively provides an official backdoor in the device.

Two, such a notification does not account for the app's feasibility, security implications, the bandwidth required to continuously send this data, the performance loss due to the app sending data back to the website, or the battery drain that can degrade the phone's performance. As users, we also have the additional question: would we also have to pay the telecom operators for data charges for data transmitted back to the government while the phone snoops on us?

What about the security of the app itself? Who would verify that it was not easily hackable and, therefore, make it easier for cyber criminals to hack our phones? Instead of protecting us from criminals, would it actually provide a backdoor, not only for the government agencies, but also for cyber criminals?

Mishi Choudhry, an internationally known lawyer dealing with internet and telecom law, points out, "Pre-installed apps anyway present much more security risks considering the broad permissions they require." She added that this move from the government "is a very concerning move and totally alters the balance between user autonomy on what we buy, and state-imposed security."

While all the above issues are important, what is even more vital is that such a significant change in the architecture of our telecom system was sought to be carried out without even a discussion in Parliament, which would have opened it to some external scrutiny. It was simply a directive from the Ministry to all mobile manufacturers that either manufacture or sell mobile phones in India to install this app.

Similarly, the government has reportedly asked the mobile manufacturers to enable satellite-based location tracking for "better surveillance". We also need to understand the legal framework governing telecom laws and whether our privacy laws—as detailed in the Puttaswamy Judgement—permit such an invasion of our privacy.

The public outcry and pressure from phone manufacturers have led the government to withdraw its directive. The ham-handed approach, which does not even involve tech experts or manufacturers in discussions on safety, efficiency, and even practicality, may have backfired on the government. But the issue of compulsory installation of surveillance tools on our mobile phones remains on the horizon. Only a vigilant public can protect its freedom from such governmental overreach.