Reference Article: Editorial | The Hindu – Zero stars: On the Sanchar Saathi app
UPSC Relevance:
– GS III – Internal Security
India is witnessing a surge in highly sophisticated cybercrimes, ranging from digital arrests to large-scale cross-border fraud networks. Criminals exploit loopholes in the telecom–device ecosystem, forcing the government to introduce new directives aimed at plugging security gaps. These responses, however, raise significant privacy and proportionality concerns.
Why Cybercrime Has Become Harder to Tackle
- Messaging accounts remain active even after SIM removal, letting criminals operate anonymously.
- Widespread IMEI spoofing/tampering frustrates device-level tracking.
- Cross-border scam infrastructure operating from conflict zones increases complexity.
These gaps have enabled impersonation scams, large digital extortion networks, and fraud syndicates targeting Indian citizens.
Government’s Recent Directives
- SIM Binding (Nov 28, 2025)
- Messaging accounts must automatically deactivate when the physical SIM is removed.
- Intended to curb impersonation and “digital arrest” frauds.
- May disrupt user experience on apps like WhatsApp, which rely on flexible multi-device models.
- Mandatory Pre-installation of Sanchar Saathi App (Dec 1, 2025)
- All new devices must include the app by March 2026 for IMEI verification.
- App must be visible, accessible, and non-disablable during device setup.
Concerns & Risks
- Enhanced OS-level privileges could allow intrusive access (camera, SMS, phone logs).
- High misuse potential, especially given past allegations of state-led surveillance (Pegasus episode).
- Privacy risk magnified: a compromised app could expose millions to hostile cyber actors.
- Ambiguity: Despite ministerial assurances of deletability, the directive text mandates otherwise, creating mistrust.
Legal & Proportionality Issues
Under the Supreme Court’s Puttaswamy (2017) privacy judgment, any state action must satisfy:
- Legality
- Necessity
- Proportionality
The directive fails proportionality because:
- Less intrusive alternatives already exist —
- Sanchar Saathi web portal
- SMS/USSD-based IMEI verification
- Backend telecom coordination
- Mandating a persistent system-level app is not the least restrictive option.
Privacy-first companies like Apple reportedly refusing compliance underscores concerns over excessive state access.
Conclusion
India urgently needs stronger cybersecurity measures, but solutions cannot compromise fundamental privacy rights. The Sanchar Saathi pre-installation directive, despite good intentions, risks creating a surveillance infrastructure disproportionate to the threat, undermining constitutional safeguards. A calibrated, privacy-respecting approach using existing verification channels would better balance security and civil liberties.