Sanchar Saathi
Based on Wikipedia: Sanchar Saathi
In May 2023, a new digital tool arrived in India under the banner of benevolence, bearing a name that translates to "Communication Partner." Launched as a web portal by the Department of Telecommunications (DoT), Sanchar Saathi was introduced to a nation grappling with a staggering surge in cybercrime and the black market for stolen electronics. The government's pitch was straightforward and ostensibly protective: India possessed a massive second-hand mobile device market, a fertile ground where stolen or blacklisted phones were routinely re-sold, turning unwitting purchasers into abettors of crime and victims of financial loss. The promise was that this "citizen-centric" safety tool would allow users to check a device's International Mobile Equipment Identity (IMEI), report lost phones, and block them from the network, effectively turning the phone itself into a dead weight for thieves. By December 2025, according to official government data, the platform had helped recover more than 700,000 lost or stolen devices, with users reporting approximately 2,000 fraud incidents daily. On paper, it was a triumph of digital governance.
But beneath the surface of these recovery statistics lay a darker architecture of surveillance and control that would soon ignite one of the most significant debates regarding privacy in modern Indian history. What began as a voluntary portal for verifying device legitimacy evolved into a mobile app in January 2025, carrying with it a permissions list that would make any security expert pause. Under its stated privacy policy, Sanchar Saathi was not merely a passive checker of serial numbers; it demanded the authority to make calls, read call logs, send and view messages, access device storage, track location in real-time, and activate the camera. These were not permissions for a simple verification tool; they were the keys to the entire digital life of the user. While the DoT insisted these powers were necessary to prevent fraud, the trajectory of the project suggested something far more ambitious: a state-backed mechanism capable of turning every smartphone in India into a potential node of observation.
The Architecture of Surveillance
To understand the gravity of what unfolded in late 2025, one must first understand the legal and technical scaffolding that made it possible. The backdrop was the Telecommunications Act 2023, which redefined the term "telecommunications" with a breadth that conferred wide-ranging powers upon the government. While officials initially assured the public that this expansive definition would not be a license for overreach, the legislative reality told a different story. By November 2024, an amendment to the Telecom Cyber Security Rules further expanded these definitions and introduced a new, chilling concept: the Telecommunication Identifier User Entity (TIEU). This innovation effectively tethered every user's identity directly to their phone number in a manner that stripped away anonymity, enabling the state to personally identify individuals through their devices with unprecedented ease.
Sanchar Saathi was the operational arm of this legal shift. It was not just an app; it was a mechanism designed to enforce compliance in a market where the line between a legitimate second-hand buyer and a receiver of stolen goods had become dangerously blurred. The government argued that without such intervention, the innocent purchaser of a phone bought from a street vendor could unknowingly facilitate the financing of organized crime rings. "India has [a] big second-hand mobile device market," the DoT stated in an official defense of the project. "Cases have also been observed where stolen or blacklisted devices are being re-sold. It makes the purchaser [an] abettor in [the] crime and causes financial loss to them." This framing was compelling, designed to resonate with a citizenry increasingly anxious about digital theft and fraud.
However, the technical implementation of Sanchar Saathi raised alarms that went far beyond the scope of preventing stolen phones from being resold. The Internet Freedom Foundation (IFF), a leading Indian digital rights advocacy organization, dissected the app's requirements and found them to be fundamentally disproportionate. For an application to function as mandated—specifically, to ensure it could not be deleted or disabled—it would almost certainly need root or system-level access, comparable to that of carrier or manufacturer applications. This level of access is rare for third-party software; it is the kind of privilege reserved for the operating system itself. By embedding Sanchar Saathi at this depth, the government would effectively strip away the usual security mechanisms that protect a user's data from other malicious actors.
The IFF warned that once embedded with such permissions, the app would have the capacity to access data belonging to other applications on the phone. This created a potential backdoor not just for checking IMEI numbers, but for trawling through SIM activity, SMS logs, and potentially client-side scanning for banned applications or flagging VPN usage. The concern was that Sanchar Saathi could evolve via server-side updates into a comprehensive surveillance tool, far exceeding its original mandate of fraud prevention. The distinction between a "safety tool" and a "surveillance state instrument" became dangerously thin when the software in question demanded access to every aspect of a user's digital existence under the guise of protection.
The Mandate That Wasn't Supposed to Happen
The tension between security and privacy reached its breaking point on November 28, 2025. In a move that caught both the technology sector and civil society off guard, the Bharatiya Janata Party government, led by Prime Minister Narendra Modi, issued a private directive to mobile manufacturers. The order was sweeping in its scope and absolute in its requirements. It demanded that all major phone makers—including Apple, Samsung, Xiaomi, Vivo, and Oppo—pre-install the Sanchar Saathi app on every new device sold in India.
This was not a suggestion or a recommendation for voluntary adoption; it was a mandate with teeth. The order carried a strict 90-day deadline for compliance. More critically, it contained explicit provisions that fundamentally altered the relationship between the user and their device. The directive required that the app be visible and accessible to users immediately upon first use or during the initial device setup. It explicitly forbade users from deleting the application, disabling its functionalities, or restricting any of its broad powers in any way.
The implications were staggering. For millions of Indians who purchased new smartphones, the government was no longer just a regulator on the outside looking in; it was an unremovable presence inside the device's core operating system. The order effectively mandated that every smartphone sold in the country become a permanent host for a state application with access to calls, messages, location, and camera feeds. The logic of "preventing fraud" had been stretched to justify the creation of a ubiquitous surveillance infrastructure that could not be opt-ed out of by the citizen it was purportedly protecting.
The reaction from the technology sector was immediate and severe. Apple, which has built its global brand on privacy as a fundamental human right, reportedly did not plan to comply with the order. Sources within the company indicated that such a mandate would violate their internal policies against the pre-installation of third-party software in iPhones and pose unacceptable risks to the security and integrity of the iOS ecosystem. "Apple can't do this. Period," one insider was quoted as saying, signaling a potential standoff between the world's most valuable technology company and the Indian government.
Similarly, Google faced an impossible choice. The order would have required Google to create a custom version of Android specifically for India, a forked operating system that included Sanchar Saathi at the system level. Such a requirement was described by industry observers as "not acceptable to the company," threatening to fracture the global Android ecosystem and set a dangerous precedent for how governments could dictate software architecture on consumer devices.
The Political Firestorm
If the technology sector balked, the political opposition in India erupted. The mandate sparked a firestorm of criticism that transcended typical partisan bickering, tapping into deep-seated anxieties about state power and individual liberty. K. C. Venugopal, a general secretary of the Indian National Congress, the main opposition party, did not mince words. He labeled the order "beyond unconstitutional," characterizing it as a dystopian surveillance tool that represented a fundamental betrayal of democratic principles.
"Big Brother cannot watch us." — K. C. Venugopal
Venugopal's invocation of George Orwell was not hyperbole; it reflected a genuine fear that India was sliding toward a reality where privacy was no longer a right but a privilege granted by the state, and one that could be revoked at will. Priyanka Gandhi, another general secretary of the Congress party, went further, terming Sanchar Saathi a "snooping app" and accusing the government of steering the country toward dictatorship. The rhetoric was sharp because the stakes were perceived to be existential for civil liberties in the digital age.
Uddhav Thackeray, the former Chief Minister of Maharashtra, drew a parallel that struck at the heart of global surveillance debates: he compared Sanchar Saathi to Pegasus spyware. Pegasus had been the subject of international scandal after it was revealed that a sophisticated piece of malware could turn smartphones into mobile bugs, allowing attackers to read messages, listen to calls, and track location without the user's knowledge. While Sanchar Saathi was an official government application rather than a covert hack tool, Thackeray argued that the effect was the same: the total compromise of the device's security for the sake of state access.
The legal community also raised alarms. Sanjay Hegde, a senior advocate at the Supreme Court of India, argued that the order used "security as a pretext" for an intrusion that was "vast, unfettered, unguided and [...] totally disproportionate." He called for the app to be struck down on these grounds, invoking the landmark 2017 judgment in Puttaswamy v. Union of India. In that decision, the Supreme Court had affirmed that the right to privacy is a fundamental right under the Constitution of India. The IFF echoed this sentiment, stating that forcing every smartphone to carry a permanent government app for a simple verification task violated the "proportionality standard" established in Puttaswamy.
The proportionality test requires that any state intrusion into privacy must be necessary, suitable, and the least restrictive means to achieve a legitimate aim. Critics argued that while preventing stolen phone resale was a legitimate aim, mandating an unremovable app with access to call logs and cameras was neither necessary nor proportional. Less invasive methods existed, such as voluntary IMEI checking or network-level blocking without the need for deep system integration. The mandate, they argued, was a solution in search of a problem, or worse, a pretext for a power grab that had nothing to do with fraud prevention.
The Government's Defense and the Reality of Control
In the face of this mounting backlash, Jyotiraditya Scindia, the Union Minister of Communications, attempted to calm the waters. He dismissed allegations of snooping or call monitoring, comparing Sanchar Saathi to other pre-installed mobile apps like Google Maps. "These apps can be deleted if users wish," he argued, suggesting that the fears were overblown and that the government had no intention of creating a surveillance state.
However, Scindia's defense crumbled under scrutiny. First, on many phone brands, particularly those running Android, pre-installed system applications cannot be deleted by users; they can only be "disabled," which leaves the code on the device and the permissions intact. Second, and more damningly, the November 28 order explicitly contained provisions preventing users from deleting or disabling the Sanchar Saathi app. This was not a standard pre-installation; it was an unremovable mandate. When pressed on whether his remarks applied to the situation after the order took effect, Scindia offered no clarification. He made no comment on the specific provision that would strip users of their ability to remove the software.
The government's attempt to frame the issue as a matter of convenience rather than control was further undermined by the political maneuvering in Parliament. When Congress member Renuka Chowdhury submitted an adjournment motion notice in the Rajya Sabha, seeking to suspend all other matters to discuss the Sanchar Saathi controversy, Kiren Rijiju, the Union Minister of Parliamentary Affairs, accused the opposition of "manufacturing issues" to stall session proceedings. This dismissal of legitimate privacy concerns as political theater only served to deepen the distrust between the citizenry and the state apparatus.
The narrative being pushed by the government was one of benevolence: a tool to protect the poor from fraud, to secure the economy, and to modernize governance. But the mechanism chosen—a mandatory, unremovable app with system-level access—suggested a different priority. It prioritized the state's ability to see everything over the citizen's right to control their own device. The "Communication Partner" was becoming less of a partner and more of a warden.
The Retreat
The convergence of technical impossibility, legal challenges, public outrage, and corporate resistance created an untenable situation for the government. Apple had made it clear that they would not comply, citing privacy and security concerns that could not be negotiated. Google was unlikely to create a custom version of Android just for India under such restrictive terms. The opposition in Parliament was using the issue to rally public opinion, and civil society organizations were preparing legal challenges that could take years to resolve but would undoubtedly damage the government's reputation globally.
Recognizing the magnitude of the backlash, the government executed a strategic retreat. On December 3, 2025, just days after the initial order was issued and five days before the Christmas holiday season, the mandate was revoked. In a press release that seemed almost perfunctory given the intensity of the preceding debate, the government stated: "Given Sanchar Saathi's increasing acceptance, Government has decided not to make the pre-installation mandatory for mobile manufacturers."
The withdrawal of the order was a victory for privacy advocates and a stark reminder of the limits of state power in a globalized digital economy. It confirmed that while the government could pass broad laws like the Telecommunications Act 2023, it could not simply dictate the architecture of private technology without consequence. The "dystopian" future envisioned by critics had been narrowly averted, but the episode left deep scars on the trust between Indians and their digital infrastructure.
The Sanchar Saathi app remains in existence. As of December 2025, it continues to operate as a voluntary tool, having recovered hundreds of thousands of lost devices. The statistics are real; the fraud incidents reported are genuine. Yet, the shadow of the November 28 order lingers over its operations. The permissions granted to the app—access to call logs, messages, location, and camera—are still there, waiting for a future where the political climate might shift or where "security" might again be used to justify overreach.
The story of Sanchar Saathi is not just about a failed mandate; it is a case study in the modern struggle for digital sovereignty. It highlights the tension between the legitimate need to combat crime and the seductive, dangerous path of total surveillance. The government's initial argument—that without this app, citizens would unknowingly buy stolen phones—was a powerful narrative. But the solution they proposed was so invasive that it threatened the very fabric of privacy rights enshrined in the Constitution.
In the end, the "Communication Partner" proved to be an unwanted roommate, one who demanded access to every drawer and every conversation, insisting on staying forever no matter how much the homeowner asked them to leave. The fact that they were eventually told to step back does not erase the memory of what was attempted. It serves as a warning: when the state's definition of safety expands to include total visibility, the cost is nothing less than freedom itself.
The events of late 2025 in India stand as a testament to the resilience of civil society and the importance of holding power accountable. The IFF, the opposition parties, the Supreme Court advocates, and even global tech giants like Apple played a role in drawing a line in the sand. They demonstrated that while technology can be used to connect and protect, it must never be allowed to enslave. The Sanchar Saathi saga may have ended with a retreat, but the principles it tested—privacy, proportionality, and consent—are battles that will continue to be fought as long as governments seek to control the devices in our pockets.
The digital landscape of India remains a contested space. The Telecommunications Act 2023 still stands, with its broad definitions and sweeping powers. The TIEU concept still exists, linking identities to phone numbers with unprecedented precision. Sanchar Saathi is still there, waiting for users to download it voluntarily. But the memory of November 28, 2025, remains a cautionary tale. It reminds us that in the race for security, we must never forget what we are willing to surrender. The phone in your hand is not just a tool; it is an extension of your self. To make it a permanent home for the state, without your consent and against your will, is to redefine the nature of citizenship itself.
The story does not end with the revocation of the order. It evolves. As new technologies emerge and threats shift, the temptation for governments to expand their digital reach will only grow. The Sanchar Saathi episode provides a blueprint for how such overreach can be challenged, but it also underscores the fragility of privacy in an era where the line between protection and surveillance is increasingly blurred. The "Communication Partner" may have been asked to step back, but the question remains: what other partners are quietly waiting in the wings?
The human cost of this digital arms race is not measured in lost phones or financial fraud, but in the erosion of trust. Every time a government attempts to turn a device into a spy tool, it damages the relationship between the state and its people. The citizens of India did not lose their privacy on December 3, 2025, because of the revocation; they lost something far more subtle: the assurance that their digital lives were truly their own. Rebuilding that trust will take years of transparent governance, robust legal frameworks, and a relentless commitment to the principle that security should never come at the expense of liberty.
In the grand tapestry of India's digital evolution, Sanchar Saathi is a thread that almost turned black before being rewoven into a lighter shade. But the stain of what was attempted remains visible for those who know how to look. It serves as a permanent reminder that in the age of algorithms and data, the most important defense we have is not a firewall or an encryption key, but the collective will to say "no" when the state asks too much. The phone is yours. Your life is yours. And no app, no matter how well-intentioned its name, should ever be allowed to take that away without a fight.