Skip to main content

Sanchar Saathi app Hero or spy? The line between safety and surveillance just got blurry.

The Indian telecom department describes Sanchar Saathi as a citizen-centric tool that "brings robust security features and fraud-reporting capabilities directly to users' smartphones. The app complements the existing Sanchar Saathi portal by providing convenient, on-the-go protection against identity theft, forged KYC, device theft, banking fraud, and other cyber risks.’’

Last week, the Department of Telecommunications ordered mobile manufacturers and importers to facilitate the availability and accessibility of the Sanchar Saathi app on devices for users in India.

According to my research, the Indian government had asked companies such as Apple, Samsung and Xiaomi to pre-install the app within 90 days. Reports also said that Apple was unlikely to oblige to the diktat from the government.

The directive, as expected, created a wide outrage with privacy advocates raising concerns over the government overreach and possibilities of government snooping. The move also met criticism from the key opposition leaders who have also demanded rolling back the directive. Though, the government has denied the charges of possible snooping. A senior tech researcher said

‘’The Government has no business being in citizens' lives and their phones. While this may have been rolled back, SIM binding mandate is still a major concern that will make citizens lives harder. A very bad architectural decision that will not solve the problem. If DOT is serious about solving the issue, it should address major fraud vectors such as social engineering like phishing, smishing, remote access apps SIM swap, mule bank account, fake loan apps, cross border call centres. These require financial network controls, not a phone side app,"  

Moreover, Internet Freedom Foundation, a digital rights organization, in an elaborated post said that the problems deepen when we look at the scope and safeguards. The order invokes "telecom cyber security" as a catch all justification, but it does not define the functional perimeter of the app. Clause 5 of the Directions refers to identifying acts that "endanger telecom cyber security," an expression so vague that it invites function creep as a design feature, not a bug. Today, the app may be framed as a benign IMEI checker. Tomorrow, through a server-side update, it could be repurposed for client-side scanning for "banned" applications, flag VPN usage, correlate SIM activity, or trawl SMS logs in the name of fraud detection.

"Nothing in the order constrains these possibilities. In effect, the state is asking every smartphone user in India to accept an open ended, updatable surveillance capability on their primary personal device, and to do so without the basic guardrails that a constitutional democracy should insist on as a matter of course. IFF is deeply concerned with this direction that sets up a precedent to enforce client-side scanning on all smartphones in India and calls for its recall,"

Labels:

Popular posts from this blog

ChatGPT-5 Is Powerful and Fast, But It Can’t Replace Software Engineers!

  As someone who’s been following tech closely for over a decade, I’ve seen countless innovations come and go but few have stirred as much excitement and debate as ChatGPT. ChatGPT has developed, and launch ChatGPT 5, it genuinely seems that the enhancements have significantly slowed down. Previous iterations led to significant advancements in AI capabilities, particularly in assisting with coding. However, the enhancements now seem minor and somewhat gradual. It feels as though we’re experiencing diminishing returns in the extent to which these models improve at truly substituting real coding tasks. The vast majority of people say that AI is going to replace software engineers very soon. Yes, AI can perform simple activities and support routine activities, but where there are intricate things like planning the system, tackling more challenging problems, grasping actual business needs, and collaboration with others, it hasn't been able to catch up yet. T hese require creativity...
Read more

Instagram Security Risk

Recently, attackers took over high-profile Instagram accounts, including the official Obama’s White House account and a United States Space Force chief officer. The attacker didn't break any Instagram code or crack passwords. They convinced Meta's own AI support chatbot to hand over the accounts. Meta uses an AI-powered support chatbot to help users recover locked accounts, change recovery emails, and handle account issues. The chatbot is trained to verify identity through questions and decide whether a request looks legitimate. Attackers figured out how to manipulate that decision making process. Video Credit-  x.com/chetaslua The attack consists of four main steps. Step 1: The attacker contacts Meta's AI support chatbot claiming to be the legitimate owner of a target account. They simply use Instagram's help interface and start an account recovery conversation. For high-profile targets, attackers use publicly available information such as display names, profile bios, ...
Read more

A Simple PDF Tool Outpaced Giants by doing the basics faster, cleaner, and better than anyone else.

  I am going to break down the story of a tool that I'm willing to bet you've used, but whose incredible business journey you probably know nothing about. Honestly, this is a master class for any founder looking to build something valuable from scratch. I am calling it the Bootstrapper’s Playbook. A Wild Reality Check Let’s just start with a wild fact. There's a website out there, a deceptively simple one, that in places like India pulls in more traffic than Amazon. I'm serious. Millions and millions of people rely on it every single day. Any guesses? It's iLovePDF. If you've ever needed to quickly merge, split, or compress a PDF file, you've almost definitely landed on this site. But what most people have no idea about is how this massive global platform was built. And that is where the real story begins. Born from Frustration So, let's go all the way back to the beginning. Because this whole thing wasn't born from some grand business plan or a fanc...
Read more