“Sanchar Saathi is a snooping app,” Priyanka Gandhi, a scion of the Congress Party and its general secretary, wrote on social media.
“There’s a very fine line between reporting fraud and seeing what every citizen of India is doing on their phone.”
The app can track phone locations, and Gandhi and other critics of Modi regard it as a tool of mass surveillance.
The Government later appeared to be backpedalling.
Jyotiraditya Scindia, the Minister of Communications, said that while “this app exists to protect them from fraud and theft”, it was also “completely optional”.
“If you don’t wish to register, you shouldn’t register and can remove it at any time,” he told reporters outside the parliament building.
But Nikhil Pahwa, a digital policy analyst in New Delhi, said he was taking the Government at its original word.
The order said that phone manufacturers, including Apple, Samsung and Xiaomi, would be responsible for ensuring that the app’s “functionalities are not disabled”.
There are more than one billion phones active in India, and cybercrime is proliferating.
The Government counted 2.3 million “cybersecurity incidents” last year, more than double the number two years before.
Fraud, committed on a mass scale and often from superclusters in rural areas, is the biggest part of the problem. In 2024, a government portal tracked US$2.6 billion ($4.5b) in losses.
Pahwa noted that the Sanchar Saathi app, installed at the operating system layer of a phone, can in principle do much more than track locations.
“There’s nothing to suggest this app cannot be used to pull out data,” including messages, sound and images, he said.
Since the Government exempted itself from India’s Digital Personal Data Protection Act in 2023, there is no clear legal basis to prevent it from gathering individuals’ information.
“When the Government forces a special app, with special powers, onto every new phone, it is effectively putting its own lock inside your house,” said Apar Gupta, a lawyer and a founder of the Internet Freedom Foundation.
“You lock your front door because you are entitled to safety and privacy,” he added.
“The same logic applies to digital life. Asking for safeguards and limits is about making sure state power is accountable.”
Russia recently started preloading a state-owned messaging app onto its citizens’ phones.
The Russian Government called it a measure to combat fraud, as India has done with Sanchar Saathi.
Apple and other phone manufacturers may resist pressure to ship its products with the app preinstalled.
Apple has tangled with Modi’s Government over privacy issues before, such as when the company sent an alert to some iPhone users in the opposition that their phones may have been subjected to “state-sponsored” surveillance.
Those alerts were prompted when several governments, including India’s, bought access to Pegasus, a spyware program developed by NSO, an Israeli cyberintelligence company, to monitor private citizens through their phones.
A list of hundreds of Pegasus targets within India was leaked to a non-profit in 2021. It included politicians in Congress, journalists, Tibetans, human rights activists and ministers from Modi’s own party.
The Government denied having used it, but a committee formed by India’s Supreme Court to investigate the matter was forced to disband in 2022, because “the Government of India has not co-operated,” said NV Ramana, the chief justice at the time.
Pahwa noted that “apps for cybersecurity can also become apps for cybervulnerability”.
Connecting every Indian’s data to a single app “creates a single point of failure, from a hacking standpoint”, he said.
For years, “the Government of India has been collecting and linking datasets together without creating silos between them”, Pahwa said, which has paved the way for forms of fraud that exploit a victim’s personal information to gain confidence.
This article originally appeared in The New York Times.
Written by: Alex Travelli and Pragati KB
Photographs by: Anindito Mukherjee
©2025 THE NEW YORK TIMES
