Skip to main content

Sanchar Saathi app Hero or spy? The line between safety and surveillance just got blurry.

The Indian telecom department describes Sanchar Saathi as a citizen-centric tool that "brings robust security features and fraud-reporting capabilities directly to users' smartphones. The app complements the existing Sanchar Saathi portal by providing convenient, on-the-go protection against identity theft, forged KYC, device theft, banking fraud, and other cyber risks.’’

Last week, the Department of Telecommunications ordered mobile manufacturers and importers to facilitate the availability and accessibility of the Sanchar Saathi app on devices for users in India.

According to my research, the Indian government had asked companies such as Apple, Samsung and Xiaomi to pre-install the app within 90 days. Reports also said that Apple was unlikely to oblige to the diktat from the government.

The directive, as expected, created a wide outrage with privacy advocates raising concerns over the government overreach and possibilities of government snooping. The move also met criticism from the key opposition leaders who have also demanded rolling back the directive. Though, the government has denied the charges of possible snooping. A senior tech researcher said

‘’The Government has no business being in citizens' lives and their phones. While this may have been rolled back, SIM binding mandate is still a major concern that will make citizens lives harder. A very bad architectural decision that will not solve the problem. If DOT is serious about solving the issue, it should address major fraud vectors such as social engineering like phishing, smishing, remote access apps SIM swap, mule bank account, fake loan apps, cross border call centres. These require financial network controls, not a phone side app,"  

Moreover, Internet Freedom Foundation, a digital rights organization, in an elaborated post said that the problems deepen when we look at the scope and safeguards. The order invokes "telecom cyber security" as a catch all justification, but it does not define the functional perimeter of the app. Clause 5 of the Directions refers to identifying acts that "endanger telecom cyber security," an expression so vague that it invites function creep as a design feature, not a bug. Today, the app may be framed as a benign IMEI checker. Tomorrow, through a server-side update, it could be repurposed for client-side scanning for "banned" applications, flag VPN usage, correlate SIM activity, or trawl SMS logs in the name of fraud detection.

"Nothing in the order constrains these possibilities. In effect, the state is asking every smartphone user in India to accept an open ended, updatable surveillance capability on their primary personal device, and to do so without the basic guardrails that a constitutional democracy should insist on as a matter of course. IFF is deeply concerned with this direction that sets up a precedent to enforce client-side scanning on all smartphones in India and calls for its recall,"

Labels:

Popular posts from this blog

ChatGPT-5 Is Powerful and Fast, But It Can’t Replace Software Engineers!

  As someone who’s been following tech closely for over a decade, I’ve seen countless innovations come and go but few have stirred as much excitement and debate as ChatGPT. ChatGPT has developed, and launch ChatGPT 5, it genuinely seems that the enhancements have significantly slowed down. Previous iterations led to significant advancements in AI capabilities, particularly in assisting with coding. However, the enhancements now seem minor and somewhat gradual. It feels as though we’re experiencing diminishing returns in the extent to which these models improve at truly substituting real coding tasks. The vast majority of people say that AI is going to replace software engineers very soon. Yes, AI can perform simple activities and support routine activities, but where there are intricate things like planning the system, tackling more challenging problems, grasping actual business needs, and collaboration with others, it hasn't been able to catch up yet. T hese require creativity...
Read more

A Simple PDF Tool Outpaced Giants by doing the basics faster, cleaner, and better than anyone else.

  I am going to break down the story of a tool that I'm willing to bet you've used, but whose incredible business journey you probably know nothing about. Honestly, this is a master class for any founder looking to build something valuable from scratch. I am calling it the Bootstrapper’s Playbook. A Wild Reality Check Let’s just start with a wild fact. There's a website out there, a deceptively simple one, that in places like India pulls in more traffic than Amazon. I'm serious. Millions and millions of people rely on it every single day. Any guesses? It's iLovePDF. If you've ever needed to quickly merge, split, or compress a PDF file, you've almost definitely landed on this site. But what most people have no idea about is how this massive global platform was built. And that is where the real story begins. Born from Frustration So, let's go all the way back to the beginning. Because this whole thing wasn't born from some grand business plan or a fanc...
Read more

Security Flaw in India's Income Tax Portal Exposes Sensitive Taxpayer Data

A major security vulnerability in India's income tax filing portal has been fixed, TechCrunch reported. The flaw, discovered by security researchers Akshay CS and "Viral" in September, allowed logged-in users to access real-time personal and financial information of other taxpayers. This included sensitive details such as full names, home addresses, email addresses, dates of birth, phone numbers and bank account information. Exposed Aadhaar numbers of individuals The security flaw in the income tax filing portal also exposed Aadhaar numbers, a unique government-issued identification number used for identity verification and accessing government services. TechCrunch verified the data by allowing researchers to search its records on the portal. The researchers confirmed on October 2 that the vulnerability had been patched. Discovery process Researchers found bug while filing tax returns The researchers found the security flaw while filing their recent income tax return on...
Read more