Takeaways from the Sanchar Saathi saga: Cybersecurity policy must be evidence-driven, non-arbitrary, transparent

INDIA’S DEPARTMENT OF TELECOMMUNICATIONS (‘DoT’) recently quietly ordered all smartphone makers to pre-install its new “Sanchar Saathi” cybersecurity app on every phone sold in India. 

The directive, under the Telecom Cyber Security Rules, instructed manufacturers to push the app to new devices. Once this came to light, opposition leaders, privacy advocates and tech companies immediately raised alarms. Sanchar Saathi, analysts alleged, was a potential snooping app - a Big Brother tool whereby the state could peer into citizens’ phones. But, after public discontent, the government has backed off. On December 4, days after the original directive, the government announced that the pre-installation of Sanchar Saathi would not be mandatory and that the app remains voluntary and privacy-protective.

CERT-In, India’s cyber emergency response team, reported a sharp rise in cyber incidents (from about 15.9 lakh cases in 2023 to over 20.4 lakh in 2024), and the National Cyber Crime Reporting Portal saw over 1.23 lakh related cybercrime cases reported in 2024. Crime statistics are no longer confined to rare news articles – in the Lok Sabha, the Home Ministry noted over 2.05 lakh police-registered cybercrime cases between 2021 and 2023. The government argues that Sanchar Saathi would give ordinary users tools to fight this scourge at the grassroots: blocking stolen phones by IMEI, flagging duplicate SIMs, reporting spam or spoof calls and more. 

But as this clash over the app’s rollout shows, any intrusion into India’s vast mobile network also raises deep questions about legal authority, consent and who controls our data.