In a significant policy reversal, the Indian government has abandoned its controversial plan to mandate smartphone manufacturers to preinstall the state-developed Sanchar Saathi cybersecurity application. The decision follows substantial public outcry and expert warnings about potential privacy violations and security vulnerabilities associated with forced installation.
The Sanchar Saathi platform, developed by India’s Department of Telecommunications, was designed to combat mobile-related crimes by enabling users to block lost or stolen devices, verify mobile device authenticity, and monitor SIM cards registered under their identity. The system integrates with national telecom databases to address SIM-swapping fraud and identity theft crimes.
Cybersecurity experts universally praised the government’s reversal while acknowledging the application’s legitimate security purposes. Agam Chaudhary, Founder and CEO of Two99, explained that preinstalled applications typically operate with privileged system-level access that users cannot revoke, creating potential backdoors for unauthorized data collection. ‘In cybersecurity, control equals safety,’ Chaudhary emphasized. ‘The less control a user has over their own device, the more fragile the ecosystem becomes.’
Technical analysis revealed the application required extensive permissions including access to call logs, SMS messaging capabilities, camera functions, device storage, and network connectivity. Morey Haber, Chief Security Advisor at BeyondTrust, noted that such broad access could enable the collection of rich metadata regardless of privacy policy limitations—a concern previously raised about social media platforms like TikTok.
Obaidullah Kazmi, Founder & CTO of CREDO Technology Services, characterized the withdrawal as ‘the right call,’ stating that ‘security tools handling sensitive data must be built on transparency and trust rather than compulsion.’
The voluntary approach appears successful thus far, with telecommunications ministry data indicating approximately 14 million users have voluntarily downloaded the application, reporting roughly 2,000 fraud cases daily. Experts suggest this demonstrates that security and privacy need not be mutually exclusive when users maintain autonomy over their digital environments.