The Department of Telecommunications (DoT) recently directed smartphone companies to preload all new devices with Sanchar Saathi under the Telecommunication Cybersecurity Amendment Rules 2025, sparking privacy concerns.
According to Reuters, the government confidentially asked phone makers to ensure that the app is not disabled. As for devices that are already sold, manufacturers have been asked to push the app via software updates within 90 days. However, Apple has already said that it does not plan to comply with the mandate.
In a statement, the Internet Freedom Foundation said that the decision to preload all smartphones with the Sanchar Saathi app “converts every smartphone sold in India into a vessel for state mandated software that the user cannot meaningfully refuse, control, or remove. For this to work in practice, the app will almost certainly need system level or root level access, similar to carrier or OEM system apps, so that it cannot be disabled. That design choice erodes the protections that normally prevent one app from peering into the data of others, and turns Sanchar Saathi into a permanent, non-consensual point of access sitting inside the operating system of every Indian smartphone user.”
What is Sanchar Saathi?
Available on both Android and iOS, the Sanchar Saathi app was launched earlier this year in January. According to the website, the app offers numerous services like blocking a stolen phone, reporting fraud calls and messages and checking mobile connections under one’s name. Following backlash, Jyotiraditya Scindia, the Union Minister for Communications, said that consumers buying mobile phones preloaded with the Sanchar Saathi app will have the option to delete it.
While there is a sizeable number of Indian consumers using iPhones, a majority of the population still owns Android devices. On Android phones, the Sanchar Sathi app reportedly asks for a bunch of permissions, some of which are used by critical system applications.
Some of these permissions include reading and sending SMS, accessing call logs, using the internet, viewing the phone’s state and identity (such as phone number and serial number), checking whether a call is active and which number it is connected to, viewing network status, and writing to external storage. It also asks for camera permission to scan the barcode of the IMEI to check if a phone is genuine or stolen.
Apps like Truecaller, Zomato and many others also request similar permissions, but they can be removed at any time since they’re classified as user apps. However, if Sanchar Saathi comes pre-installed on devices, it will be treated as a system app, meaning it won’t need explicit permission from users to access sensitive information.
Story continues below this ad
Sanchar Saathi asks for a lot of sensitive permissions. (Express Photo)
A cause for concern?
While certain permissions, such as monitoring network states, are often flagged as dangerous, they are required for core functions like locating your device, which Sanchar Saathi provides. The app’s Play Store listing clearly outlines the permissions it requests and explains the reasons behind each one, as can be seen in the image above.
Sanchar Saathi’s FAQs state that the app automatically registers phone numbers on Android devices without the user’s explicit consent and can automatically send a registration message to the Department of Telecommunications. Smartphone makers have also raised concerns that complying with the directive would require significant operating system changes.
Although developers say the app does not collect personally identifiable information, its privacy policy still worries experts. There is no option to request corrections, no explicit mention of data deletion, no opt-out option, and no clarity on data retention timelines.
Are iPhone users safe?
On iPhones, the Sanchar Saathi app cannot automatically send the registration messages, as users are required to manually press the send button to initiate the process. Moreover, on iOS, the app cannot get permissions to make and manage phone calls and read SMS, thanks to Apple’s closed ecosystem. However, it can access photos, files and the camera.