Daybreak - The Government wants to be on your phone. It's not asking nicely
Episode Date: December 3, 2025The Indian government quietly mandated that all smartphones sold in the country must come pre-installed with Sanchar Saathi, a state-owned cybersecurity app that users cannot delete or disabl...e.The app tracks lost phones and blocks stolen devices. But it requires deep permissions. It can read messages, access phone data, make calls, and view photos. Privacy advocates warn these permissions could be expanded overnight to scan for banned apps, flag VPN use, or monitor SMS patterns.The directive was sent secretly to manufacturers like Apple and Samsung, giving them 90 days to comply. Apple has already indicated it won't follow the mandate, citing privacy concerns.Only a handful of countries have tried similar measures—Russia, China, and North Korea, which puts India in uncomfortable company. Host Rachel Varghese digs into what's going on.Tune in.Take this survey to share your best AI prompt.Daybreak is produced from the newsroom of The Ken, India’s first subscriber-only business news platform. Subscribe for more exclusive, deeply-reported, and analytical business stories.
Transcript
Discussion (0)
Hi, this is Rohan Dharma Kumar.
If you've heard any of the Ken's podcasts, you've probably heard me, my interruptions, my analogies,
and my contrarian takes on most topics.
And you might rightly be wondering why am I interrupting this episode too.
It's for a special announcement.
For the last few months, I and Sita Raman Ganeshan, my colleague and the Ken's deputy editor,
have been working on an ambitious new podcast.
It's called Intermission.
We want to tell the secret sauce stories of India's greatest companies.
Stories of how they were born, how they fought to survive, how they build their organizations and culture,
how they manage to innovate and thrive over decades, and most importantly, how they're poised today.
To do that, Sita and I have been reading books, poring over reports, going through financial statements, digging up archives,
and talking to dozens of people.
And if that wasn't enough, we also decided to throw in video into the mix.
Yes, you heard that right.
Intermission has also had to find its footing in the world of multi-camera shoots in professional studios, laborious editing, and extensive post-production.
Sita and I are still reeling from the intensity of our first studio recording.
Intermission launches on March 23rd.
To get alert, as soon as we release our first studio recording,
episode, please follow intermission on Spotify and Apple Podcast or subscribe to the Ken's
YouTube channel. You can find all of the links at the ken.com slash I am. With that, back to your
episode. Imagine you're hit by a wave of 90s nostalgia and you try to stream, say, Karate
Kin for old time's sake, only to realize that it's not available in India, at least not on the
standard OTT trifecta of Prime, Hot Star and Netflix.
The apps that most of us are usually subscribed to.
So you decide to take a legal but slightly questionable route.
You know, use a VPN to access another country's catalogue.
But then, as you boot up your VPN, you realize that the service you pay for is blocked
or flagged.
And not by just anyone.
By the Indian government.
Okay, so don't worry.
This isn't a reality.
At least not yet.
But this is the future
several users and internet privacy advocates are fearing right now.
These fears have been sparked by a recent secret mandate
that the Department of Telecommunications sent out to smartphone manufacturers in the country.
It wanted smartphone makers to start selling phones with a pre-installed state-owned cyber security app.
The app is called Sanchar Sati,
which loosely translates in English to communication companion.
The app's crowning feature that the government is touting is its ability to track lost or stolen phones.
It also lets users block stolen devices or numbers across networks so that they can't be misused anywhere in India.
And if someone does try, the police would be immediately alerted.
So the new mandate was communicated to manufacturers privately last Friday.
This week, in fact, just this Monday, Reuters broke the news.
In the government directive to smartphone manufacturers,
Sanchar Sati was to be pre-installed and users would not be able to restrict, disable or deleted.
For phones already in circulation, the app would be pushed via software updates.
The government has given manufacturers like Apple, Samsung, Vivo and Xiaomi a 90-day timeline to comply.
Or else, they will have to pay the price.
The app permissions go deep.
It can read your messages and access your phone data.
The Internet Freedom Foundation, a Delhi-based digital rights group,
noted in its statement regarding this mandate that it all seemed a little unregulated.
Today, the app could exist as a simple application that authenticates the phone and its user.
But nothing in the order clearly prevents it from changing overnight.
Tomorrow, with an update on the server end,
the app could be used to scan your phone for banned apps, flag VP,
in news, track SIM activity or even read SMS patterns in the name of fraud control.
Yes, that's a hypothetical.
And of course, the government's reasons seem sound, even noble enough.
Digital fraud and spam is increasingly becoming a problem and disproportionately affecting underserved communities.
So what exactly is making everyone else oppose this cybersecurity measure?
Welcome to Daybreak, a business podcast from the Ken.
I'm your host, Richard Wilkes, and every day of the week, my co-host, Nynitha Sharma and I,
will bring you one new story that is worth understanding and worth your time.
Today is Wednesday, the 3rd of December.
First, let's get into what Sanchar Sati actually does.
It was launched in 2023 as a web portal for consumers to report the rising cases of phone theft and telecom fraud.
The mobile app was launched in January this year.
It essentially functions as a lost phone tracker.
Not too different from Apple's Find My Phone.
or Samsung's smart things find.
But its standout feature is that you can block your stolen phone's IEMI number through the app itself.
An IEMI or International Mobile Equipment Identity is essentially a unique 15-digit ID assigned
to every mobile phone.
It kind of works like a fingerprint for your device.
Networks use it to identify your phone.
So once you block it through Sanchar Sathi, no one can use it, even with a different SIM.
Users can also report malicious web links, spam numbers and check if cloned versions of their IEMI numbers are out there.
Or if people have bought SIM cards in your name.
It's actually an impressive application and popular too.
Since its launch as an app, it's helped recover 7 lakh lost phones,
blocked nearly 4 million stolen devices and stopped 30 million fraudulent mobile connections.
But for Sancha Sati to do what it does and do it well, it needs some really deep permissions for your device.
It's inherently a tracking app.
And of course, we regularly consent to apps tracking are every move all the time.
But the keyword here is consent.
So imagine if that consent is entirely ignored and your latest phone is now converted into what the Internet Freedom Foundation, or IFF calls,
a vessel for state-mandated software that the user cannot meaningfully refuse control or remove.
A screenshot of the app permissions are also doing the rounds.
It shows that the app can make and manage phone calls, send SMSes, read SMS and call logs,
scanned photos and files, and use the camera.
On top of all these permissions, if the app is supposed to be easily visible and accessible,
which was one of the requirements in the directive, it would need root-level permissions into your phone.
Basically, similar to all your system apps that cannot be disabled.
But what's concerning is the lack of clarity from the government on what exactly happens to the data.
More on this in the next segment.
The whole reason behind pre-installing the app is that it's supposed to drive widespread adoption.
The government doesn't want to rely on voluntary installs anymore.
It feels like there just isn't enough awareness for that to happen.
And so, this directive.
But what has everyone on edge is a question.
combination of factors. First, this was a secret order that went out directly to smartphone
manufacturers. Executives have reportedly said that the industry was not consulted at all before
the mandate was released. Second, it's a lack of privacy guardrails that the app comes with.
The IFF pointed out that Sanchar Sati status as a system app allows it to exist without the
protections that stop apps from seeing what's up in the other applications on the phone.
Now that it's supposed to be a mandatory application on all cell phones,
it's all the more reason to show up its privacy policies,
or at least promise that the showing up will happen before this pass release.
But there's no acknowledgement of the holes in these policies either.
For example, tests have revealed that all the permissions we listed earlier are considered dangerous.
The privacy policy claims that the app won't take personal data without telling you,
and that any information it does ask for will be protected.
It will only be shared with law enforcement when and if required.
But it's still a thin policy.
It doesn't spell out user rights, offer a way to correct or delete your data,
or even say how long or where any information is stored.
Not just that.
While the app store listing claims that Sancha Sati does not collect user data,
that's actually just not true.
The app clearly obviously gathers personal details,
from your phone number to your photos, call logs and even SMS information.
So, of course, the backlash has been widespread.
And it's coming from everywhere.
Stay tuned.
Congress leaders like Priyanga Gandhi and Casey Venu Koppal
called it a snooping app and a dystopian tool for surveillance respectively.
The Internet Freedom Foundation claimed, and I'm quoting here,
Sanchar Sati app is disproportionate for attending to cybercrime,
legally fragile and structurally hostile to user privacy and autonomy.
What that basically means is that it seems
kind of unnecessary to have a permanent app for the eventuality of fraud or theft.
And considering the weak privacy policies,
it's actually kind of counterintuitive for a cybersecurity app
to have unrestricted access to your data, especially without your express content.
Now, in response to the backlash, some parts of the statements have already been rolled back.
Yesterday, on the 2nd of December,
Telecom Minister Jotra Dityas Kindya clarified some aspects of the update.
He said that users could in fact delete it.
This directly contradicts the mandate that the Department of Telecommunications had issued to companies.
But he continued to insist that if users don't register on the app, it would just remain dormant.
He repeated that the main aim of having the app rolled out like this was to increase the awareness of its existence, not to spy on users.
Still, the pushback is only gathering steam.
Apple has already indicated it won't comply with this.
the mandate. It stated that pre-installed state-owned apps go against the privacy and security
standards it follows throughout the world. Meanwhile, Sancha Sathie's real world performance,
though impressive, isn't exactly spot-free. Users have reported registration failures,
verification glitches, and issues with the Know Your Connections feature, which has often
failed to fetch all the numbers related to a person's identity. Basically, in case SIM cards
have been bought using your identity without your knowledge.
On a global scale, only a handful of countries have tried anything similar.
Russia mandated a state-backed messaging app.
China has made compulsory the install of an app that tracks keyboard usage.
North Korea had an app that limited users to the country's intranet,
and South Korea had a short-lived experiment with mandatory content filters for minors.
So, except for South Korea's content filter experiment,
all of these examples are, well, in the surveillance heavy territory,
which is exactly what makes India's decision
an unusually uncomfortable comparison.
Daybreak is produced from the newsroom of the Ken
India's first subscriber-focused business news platform.
What you're listening to is just a small sample of our subscriber-only offerings.
A full subscription offers daily long-form feature stories,
newsletters and a whole bunch of premium podcasts.
To subscribe, head to the Ken.com
and click on the red subscribe button on the top of the Ken website.
Today's episode was hosted and produced by my colleague Rachel Vargis
and edited by Rajiv Sien.