Clipped from: https://www.thehindubusinessline.com/info-tech/what-happens-if-govt-gets-access-to-your-phone/article70349994.ece
Pro-privacy groups slam Govt for seeking blanket permission for phone data
If data is shared, private players could use message content for unauthorised data mining or real-time identity theft
Even as Telecom Minister Jyotiraditya Scindia assures that activation of the Sanchar Sathi app is optional for phone users, pro-privacy groups and activists flag potential privacy violations.
The clause that mandates the application be “readily visible”, and that its functionality not be disabled or restricted, is intrusive, they contend.
“The Government, if gets permission to read phone status and identity of the users, can use the persistent link between the device’s unique IMEI and the user’s identity for continuous surveillance. If shared, private players could use this data for unauthorised profiling or hyper-targeted marketing,” a pro-privacy activist told businessline.
Asked about the intricacies in the required permissions, he said, if allowed to read the call logs, the Government could access and analyse full historical call metadata (who called/messaged whom, when) to map detailed social networks and patterns. Private players could exploit this for predictive behavioural analysis or illicit contact mapping.
Sensitive correspondence
If it gets permission to read SMS, the government can read sensitive correspondence, intercept OTPs, or send messages covertly. “If data is shared, private players could use message content for unauthorised data mining or real-time identity theft,” he said.
K Anvar Sadath, a leader of Democratic Alliance for Knowledge Freedom (DAKF), said that by enforcing Clause 7(b), which prevents users from disabling the app, the State effectively seizes ‘Device Sovereignty’, treating personal hardware as government-leased infrastructure.
This move is legally paradoxical in light of the recently notified Digital Personal Data Protection (DPDP) Rules, 2025. While the Act ostensibly mandates ‘data minimisation’ – collecting only what is strictly necessary – the Sanchar Saathi app demands blanket permissions for call logs, SMS and camera access.
This contradiction exposes the hollowness of India’s privacy framework. The government is weaponising Section 17 exemptions of the DPDP Act to bypass the very safeguards it claims to uphold. By creating a permanent, undeletable backdoor on 800 million devices, the state is institutionalising “surveillance-by-design”.
The Internet Freedom Foundation (IFF) has termed the Union government’s move to mandate the launch of the app on phones a “sharp and deeply worrying” expansion of executive control over personal digital devices.
Telecom security
The stated objective of curbing IMEI fraud and improving telecom security is, on its face, a legitimate state aim. “But the means chosen are disproportionate, legally fragile, and structurally hostile to user privacy and autonomy,” it said.
Pritam Shah, Global Practice Head – OT Security and Data Security, Inspira Enterprise, said that the Indian government’s pre-installation mandate for the Sanchar Saathi app on all devices sold in India, as part of citizen empowerment and security efforts, is a step in the right direction for overall national cybersecurity.
“That said, if the app is made mandatory, it may clash with existing cybersecurity and business apps already installed on the mobile phone due to access privileges. With ‘deep’ permission requests from the app, which seek access to storage, call logs, SMS, and the gallery, the possibility of interference with other apps and operating systems’ permission management is a concern.
Published on December 2, 2025
aniltikotekar4sme.com 