The Indian government’s decision to mandate the Sanchar Saathi application on every smartphone sold or activated in the country marks a significant and worrisome shift in how the state positions itself inside the personal devices of over a billion citizens.
On 28 November 2025, the Department of Telecommunications ordered all handset manufacturers and importers to pre-install the Sanchar Saathi application on every phone intended for the Indian market, ensuring the app is visible and functional from first boot. Devices already manufactured or already in circulation must receive the app via software updates, with manufacturers given 90 days to comply and 120 days to submit formal adherence reports.
The initiative itself, launched in May 2023, is presented as a consumer-protection measure: a tool to verify whether a device’s IMEI is genuine, to block cloned or blacklisted identifiers, to report stolen phones, and to flag potential telecom fraud. The government argues that unchecked IMEI tampering and the illegal resale of stolen phones harm both telecom security and consumers. In isolation, these aims appear benign.
But what appears on paper as an anti-fraud initiative is, in practice, a compulsory state-owned software layer embedded deep into a user’s phone. This raises profound concerns about privacy, consent, and expanding surveillance power.
Another way to locate stolen devices
Unlike voluntary device-tracking frameworks such as Apple’s Find My or Android’s Find Hub, Sanchar Saathi does not offer users a choice. Find My and Find Hub are opt-in services that individuals enable if they wish to locate lost or stolen devices, relying on Bluetooth, encrypted communication, and crowdsourced networks capable of detecting devices even when offline.
Apple’s system, for example, uses rotating Bluetooth identifiers that only the owner’s devices can decrypt, using cryptographic safeguards intended to prevent Apple or third parties from linking those signals to a specific user.
Yet even these privacy-first systems are not flawless. Research has revealed that Apple’s “Offline Finding” protocol — the precursor to Find My — could, under particular design or implementation failures, permit correlation attacks that de-anonymize users or expose movement histories.
Similar scrutiny of Samsung’s Bluetooth-based locating infrastructure showed that a vendor or operator could, in principle, de-anonymize devices and their finders if metadata is aggregated or retained, enabling forms of tracking that were never intended by end users.
Against this background, a mandatory, OS-level government-run surveillance app, which is tied directly to IMEI verification, device identity, and centralised databases, represents a dramatically different paradigm. This is not a user-chosen convenience layer but state-mandated software that can, even if unintentionally, create pathways for monitoring which device belongs to whom, how devices move, when they are active or inactive, and how they interact with telecom networks.
The ease with which Bluetooth identifiers, network metadata, or IMEI-based registries can be correlated only amplifies that risk. In effect, the mandate transforms a phone into a more visible object within the state’s digital infrastructure.
A divergence in global thinking
If one were to look for global best practices on how world governments approaches cyber fraud issues, a pattern emerges. In most democracies, including the U.S. and much of Europe, device-security services are optional, and user consent is treated as a foundational principle. Users choose to enable Apple’s or Google’s locating systems; governments do not compel handset makers to install state tracking tools.
By contrast, some countries with strong state control over digital ecosystems have taken the opposite route. Earlier in 2025, Russia compelled all smartphones to preinstall a state-backed messaging app, a decision widely criticised for enabling mass state surveillance and eroding digital privacy norms.
The justifications in those contexts often revolve around national security, fraud prevention, or misuse control, but the effect is the expansion of state capability to monitor communications, device patterns, and citizen behaviour.
Placed on this global map, India’s move aligns more closely with the latter group than the former. Though the Sanchar Saathi mandate is framed as a technical safeguard for telecom networks, it deepens state presence in personal devices and lowers the threshold for continuous government visibility into citizens’ digital lives.
Over time, such mandated software layers can reshape expectations of privacy and normalise forms of monitoring that were previously considered intrusive.
This new directive forces a fundamental question: even if Sanchar Saathi reduces theft or counterfeit device circulation, is it proportionate for a state to embed itself so deeply into the personal devices of its population, and to do so without offering any meaningful choice?
Published – December 02, 2025 01:34 pm IST