The Centre’s directive to smartphone makers on preinstalling the state-developed Sanchar Saathi app on handsets has raised privacy and surveillance concerns over several grey areas that the department of telecommunications (DoT) has not addressed.
Seen in isolation, the initiative, originally launched as a portal in May 2023 and as an app in January this year, comes across as consumer-friendly as it allows smartphone users to check whether a device’s IMEI (a unique code for every handset) is genuine, report stolen phones and flag potential telecom fraud.
The objective appears benign until the moment an app is mandated to be preloaded on phones. Reuters reports that Apple does not plan to comply with the mandate and will convey its concerns to the government.
All companies have been given 90 days to comply with the directive sent privately to smartphone manufacturers.
Barring a handful of essential apps such as Camera, Settings, App Store, Safari (browser), Messages, Photos and Phone, almost everything can be uninstalled from iPhones.
Many Android phones come with preloaded non-essential apps called Potentially Unwanted Programmes or bloatware. They include games, streaming services and social media networks. Some of these apps may not be updated often to offer the latest security features.
Further, Apple has its own device-tracking framework called Find My to allow users to track their lost or stolen devices. Android has a feature called Find Hub, which serves a similar purpose. Both services are voluntary and rely on encrypted communication and crowdsourced networks to detect devices even when offline. Both can be deleted or not activated at all.
Communications minister Jyotiraditya M. Scindia on Tuesday defended the app. “If you do want it on your phone, keep it. If you want to delete it, delete it,” he said outside Parliament.
On X, he posted in Hindi that users could choose to activate the app and benefit from it or delete it from their phone. The minister did not clarify whether manufacturers still need to preinstall the app.
Some of the app’s functions, such as blocking a stolen/lost mobile, unblocking a mobile and IMEI verification, can also be accessed on the government’s Central Equipment Identity Register (CEIR) website, raising questions about the necessity of having it preloaded on phones.
According to the Reuters report, companies must install the app via software updates on devices that have already been manufactured or are in use.
In the app’s privacy policy for iOS, users are asked to grant permission to access the camera “while scanning the barcode of IMEI”, and photos and files while “reporting call/SMS or report lost/stolen mobile handset”.
For Android, users are asked to share call/SMS logs, send messages for registration, make and manage phone calls “to detect mobile numbers in your phone” and grant access to cameras and photos.
A close look at the app reveals that it doesn’t allow users to request the deletion of their data. Also, it is unclear how long it stores the data it has access to.
The government says criminals often clone or spoof valid IMEI numbers onto stolen devices, making it impossible to track them or block hardware. “India has a big second-hand mobile device market,” the DoT said in a statement.