Government Mandate on Sanchar Saathi App Withdrawn!!! The Second Significant Bow Down after Three Farm Laws!

[Sukla Sen]

[A Very Brief Summary:

The Department of Telecommunications on Wednesday (December 3, 2025) walked back its directions to phone manufacturers, ordering them to install a government app starting next year. The reversal caps a turbulent episode where the government first downplayed the nature of the mandate before committing to withdraw it altogether, arguing that a recent spike in downloads of Sanchar Saathi, following the furore, meant that there was “no need” for smartphone manufacturers to preload the app on their devices.

(Ref: <https://www.thehindu.com/news/national/government-withdraws-mandatory-sanchar-saathi-pre-installation-on-phones-after-backlash/article70352971.ece>.)

On this 28th November, the DoT issued directions mandating the manufacturer and importers of mobile handsets that are intended for use in India under the provisions of the Telecom Cyber Security Rules, 2024 to: Ensure that the Sanchar Saathi mobile application is pre-installed on all mobile handsets manufactured or imported for use in India.

This in fact overlapped with another direction by the same department that Over-the-top (OTT) communication apps -- WhatsApp, Signal, Telegram and such others -- must now implement continuous SIM-to-device binding: the app will only work if the same SIM card used for registration is physically (or digitally, in the case of eSIM) present and active in that device. If the SIM is removed or deactivated, the app must stop working. The platforms have 90 days to comply and must submit reports within 120 days, with penalties under several Acts, for non-compliance.

This too raises grave apprehension whether this is a constitutive element of the beginnings of a 24/7 surveillance grid, where the State — and large platforms — gain unprecedented visibility into who is talking, from which device, and through which SIM.

While the order on SIM-to-device binding had largely gone under the radar, the subject one has raised considerable uproar -- both within and outside the parliament.

As the outcome, the Union Government went a bit on the backfoot. In the parliament, the concerned Minister has "clarified" that the subject app is optional and the individual user can delete or uninstall it anytime at her option.

However, the critics have expressed serious doubts about this "clarification" pointing out that the relevant order explicitly provides that the pre-installed app cannot be deactivated or disabled.

Be that as it may, even if the Minister is given the benefit of doubt, issues remained.

If the app is really "optional", why "pre-install"? Why try to push it down the throats of unwilling equipment manufacturers?

Why not just make it available for free download and widely publicise its virtues?

Apart from that, apps almost routinely get "upgraded" or "updated" from time-to-time.

Features can be quietly added to the app, by its provider, even subsequently without the user being at all aware of the specific implications and thereby averting causing a splash.

This aspect too as yet has not appeared to have attracted adequate attention.

Now, finally, with the withdrawal of the mandate and a significant victory scored, this particular chapter is closed for now.]

I/III.

Here is the full text copy (plain-text transcription) of the Telecommunications (Telecom Cyber Security) Amendment Rules, 2025 — the gazette-level notification (in English + structure) that underpins the Sanchar Saathi policy. This corresponds to the PDF “The Gazette Of India” (registered G.S.R. 771(E), published 22 October 2025) on the official portal.

---

THE GAZETTE OF INDIA — EXTRAORDINARY [PART II — SEC.-3(i)]
PUBLISHED BY AUTHORITY
MINISTRY OF COMMUNICATIONS
(Department of Telecommunications)

New Delhi, the 22nd October, 2025
G.S.R. 771(E).—

Whereas a draft of the Telecommunications (Telecom Cyber Security) Amendment Rules, 2025 — which the Central Government proposes to make, in exercise of the powers conferred by clause (v) of sub-section (2) of section 56 of the Telecommunications Act, 2023 (44 of 2023) — was published as required by sub-section (1) of section 56 of the said Act vide notification G.S.R. 411(E), dated 24th June 2025 in the Gazette of India, Extraordinary, Part II, Section 3(i), dated 24th June 2025, inviting objections and suggestions from persons likely to be affected thereby before the expiry of thirty days from the date on which the copies of the Gazette containing the said notification were made available to the public;

And whereas copies of the said Gazette were made available to the public on 25th June 2025;

And whereas the objections and suggestions received from the public in respect of the said draft rules have been duly considered by the Central Government;

Now, therefore, in exercise of the powers conferred by clause (v) of sub-section (2) of section 56 of the Telecommunications Act, 2023 (44 of 2023), the Central Government hereby makes the following rules, namely: —

---

1. Short title and commencement

(1) These rules may be called the Telecommunication (Telecom Cyber Security) Amendment Rules, 2025.
(2) They shall come into force on the date of their publication in the Official Gazette.

---

2. Amendment to definitions (Rule 2 of the principal rules)

In the principal rules (the Telecommunication Cyber Security Rules, 2024), in Rule 2, sub-rule (1), the following clauses are inserted —

• After clause (c), a new clause “(ca)” — “licensee” means a person holding a licence to provide telecommunication services under the Indian Telegraph Act, 1885.

• Also after clause (c), a clause “(cb)” — “MNV platform” means the mobile number validation platform established under Rule 7A to enable validation by authorized entities and licensees as regards whether telecommunication identifiers specified by TIUE customers or users correspond to the users as per the database of an authorised entity or licensee.

• After clause (h), a new clause “(i)” — “‘TIUE (telecommunication identifier user entity)’ means a person, other than a licensee or authorised entity, which uses telecommunication identifiers for the identification of its customers or users, or for provisioning or delivery of services.”

---

3. Amendments to several rules (inserting TIUE-related coverage)

In the principal rules, in Rule 3: sub-rule (1) — after clause (a), a new clause “(aa)” inserted; in sub-rule (2) — in clause (b) the phrase “or TIUE” is added after “telecommunication entities”.

In Rule 4: in sub-rule (3), “or TIUE” inserted after “telecommunication entity”.

In Rule 5: sub-rule (6) is substituted; and clauses referencing only “telecommunication entities” are amended to “telecommunication entities or TIUEs”.

Detailed modifications include providing central government power to suspend or disconnect use of telecommunication identifiers (like IMEIs / mobile numbers) if misuse is suspected, and to apply this to both licensees and TIUEs.

---

4. Insertion of Rule 7A — Validation of Telecommunication Identifiers

A new Rule 7A is added to the principal rules, which provides:

1. The Central Government shall establish or cause to be established a “MNV platform” for ensuring telecom cyber security and preventing security incidents. Authorized entities and licensees are directed to participate on the platform.
2. Entities (TIUEs, licensees, or government agencies) may place requests on the MNV platform — upon payment of prescribed fees — for validation of telecom identifiers (e.g. mobile numbers, IMEIs) to check if they correspond to legitimate users in authorized databases.
3. The platform will transmit validation requests to authorised entities / licensees; responses must be supplied as per portal protocols.
4. The validation mechanism is intended to ensure traceability of telecom identifiers across services linked to them, and that all data handling complies with applicable laws related to data protection.

---

5. Amendments to Rule 8 (on IMEI / device-equipment identity controls)

In Rule 8: after sub-rule (4), a new sub-rule (4A) is inserted:

• Sub-rule (4A): The Central Government may issue directions to manufacturers of telecommunication equipment bearing IMEI numbers not to assign IMEIs that are already in use in telecommunication networks in India to new equipment manufactured or imported to India from a date specified on the portal.

After sub-rule (5), new sub-rules (6), (7), (8) are inserted:

• Sub-rule (6): The Central Government shall maintain (directly or via authorised agency) a database of IMEIs which are tampered, or whose use has been restricted.
• Sub-rule (7): Any person engaging in sale or purchase (or authorised agency) of second-hand or used telecom equipment must — before sale or purchase — access the database to ensure that the IMEI is not blacklisted or tampered; sale/purchase of any device listed in the database is prohibited.
• Sub-rule (8): Every manufacturer or importer of any telecom equipment with an IMEI must ensure compliance with any directions issued by the Central Government for the purpose of giving effect to these Rules.

---

6. Amendments to Rule 10 (expanding obligations)

In Rule 10:

• In sub-rule (2), “or TIUEs” is inserted after “telecommunication entities”.
• In sub-rule (3), after “telecommunication entity”, “, TIUE,” is added — expanding applicability.

---

(Signed Digitally)
[Name in Gazette — official signatory]
On behalf of Ministry of Communications / Department of Telecommunications

---

II.

Here’s a line-by-line explanation of the official directive (order) from Department of Telecommunications (DoT) on Sanchar Saathi — based on the publicly available version of the directive text (as reported by media and from the official documents page). 

---

DoT Directive: What Each Clause Says (with Simplified Explanation)

Clause / Point Meaning / Implication

Applicability — “Every manufacturer and importer of mobile handsets that are intended for use in India” must comply. The order applies to all phone makers and importers whose products are to be sold or used in India.

From 90 days of issue of directions — all new handsets (manufactured/imported for India) must have Sanchar Saathi pre-installed. Any phone sold after this window must come with the app already on it — out-of-the-box.

The pre-installed app must be “readily visible and accessible” at first use (device setup), and its functionalities must not be disabled or restricted. The app cannot be hidden or crippled; when a user first sets up a phone, they should be able to see and access the app.

For devices already manufactured or currently in retail channels (i.e. already in the supply chain), manufacturers/importers shall “endeavour” to push the app via software updates. Even phones already built/produced — but not yet sold — should get the app via an update before sale.

Compliance report submission: all manufacturers/importers must submit a compliance report to DoT within 120 days of issue of directions. The companies must formally tell DoT that they have complied (or explain otherwise), within the given timeframe.

Legal Consequences: Failure to comply will attract action under the Telecommunications Act, 2023, the Telecom Cyber Security Rules, 2024 (as amended), and other applicable laws. Non-compliance is not just a guideline — it may invite statutory penalties.

Purpose / Rationale (Why DoT issued this): To ensure handset genuineness (avoid fake / cloned devices), help users verify device authenticity via IMEI, prevent misuse of telecommunication identifiers, curb frauds linked to stolen or blacklisted devices, and protect telecom cyber-security. The motive is to bolster trust in devices sold in India, deter IMEI cloning/forgery, and safeguard consumers from fraud or illicit resale.

---

Context and Additional Observations (based on the Same Directive & Related Facts)

The directive was issued on 28 November 2025. 

It is issued under the authority of the 2024-enacted Telecom Cyber Security Rules (as amended) — giving DoT legal backing to mandate handset compliance. 

The directive aims to address a serious concern: devices with duplicate or spoofed IMEIs — these can appear valid but may be blacklisted or stolen, leading to security risks. 

Through the app (Sanchar Saathi), users are meant to be able to:

Verify if a phone’s IMEI is genuine or blacklisted before purchase. 

Report lost or stolen devices. 

Report suspected telecom fraud (e.g. spoofed numbers, suspicious calls/SMS). 

The DoT order emphasises that the pre-installed app must remain functional and not be disabled by the manufacturer/importer, ensuring consumers get a “live” anti-fraud / verification tool. 

---

What the Directive Does Not Say (or What Remains Ambiguous / Debated)

The directive says “pre-install and make visible/accessible” but does not explicitly say whether the end-user is prohibited from uninstalling the app. The wording refers to manufacturers/importers’ obligations, not directly restricting user control. 

Because of this, there is public confusion and debate — some interpret the order as forcing the app as non-removable bloatware; others argue it only mandates installation by the vendor, not permanence on consumer devices. 

The directive applies to phones manufactured or imported for use in India — but it may not clearly cover phones “brought from abroad” (grey imports).

---

An Interpretation & Key Takeaways

The directive represents a top-down regulatory push by DoT to enforce telecom-security standards across all handsets sold in India.

For genuine, new handsets sold in India from early 2026 onwards (90 days after Nov 28), buyers can expect the app to be pre-installed by default — giving them tools to check authenticity / report fraud.

However — because of ambiguity about whether the app can be uninstalled — there is uncertainty about how “permanent” or intrusive this pre-installation truly is.

The requirement for compliance reports and legal backing under telecom laws suggests the government is serious about enforcement, not just advisory.

---

III.

There are public analyses and reactions from Apar Gupta and other noted free-speech / digital-rights voices. 

Please find reproduced below short summaries of a few significant analyses and also the respective links.

---

1) Apar Gupta (Internet Freedom Foundation) — interview + IFF statement

What: Full interview / Q&A with Apar Gupta (founder-director, IFF) on the Sanchar Saathi mandate, plus the Internet Freedom Foundation’s formal statement announcing they will challenge the DoT direction.

Why it matters: Apar Gupta is one of India’s leading digital-rights lawyers/advocates; his view explains the legal/privacy risks and outlines likely remedies (RTI, legal challenge, public campaigning).

Links: 

1. 'It Would Be Like Living in a Modern Dictatorship': Apar Gupta on Sanchar Saathi Mandate https://m.thewire.in/article/government/full-text-interview-internet-freedom-foundation-apar-gupta-sanchar-saathi-app-cybersecurity

2. IFF formal statement / blog post:

<https://internetfreedom.in/iffs-statement-against-dots-direction-for-the-mandatory-installation-of-sanchar-saathi-we-will-fight-for-its-rollback/>.

3. https://analyticsindiamag.com/ai-features/sanchar-saathi-shouldnt-turn-into-a-tool-for-state-surveillance

---

2) Internet Freedom Foundation (IFF) — detailed statement / action notice

What: IFF’s short policy statement calling the DoT directions “disproportionate”, legally fragile, and “structurally hostile to user privacy and autonomy”, and announcing they will seek rollback / legal remedies.

Why it matters: IFF is the main civil-society organisation in India that litigates and campaigns on privacy, free expression and surveillance issues. Their statement sets out the core legal and policy objections (consent, proportionality, data-security, scope).

---

3) Pranesh Prakash (tech policy / Centre for Internet & Society commentary)

What: Short expert reaction noting that the mandate doesn’t meaningfully address the underlying fraud/telecom-abuse problems and flags privacy/centralisation risks. (Quoted / cited in media analysis pieces.)

Why it matters: Pranesh is a senior, respected tech-policy analyst in India; his critique focuses on the policy design — whether the measure will actually solve the problem and the privacy tradeoffs.

Where to read: Quoted analysis / interview in Analytics India Mag and related coverage. 

---

Quick summary of the main objections raised by these advocates

1. Privacy & surveillance risk: centralised mandates for a government app raise the danger of state access/mission-creep. 

2. Proportionality / legality: critics say the direction appears legally fragile and may exceed the government’s powers absent proper safeguards. 

3. Effectiveness: some experts argue pre-installation won’t fix IMEI-cloning/telecom fraud at scale and that alternative regulatory fixes might be better. 

4. Implementation & vendor friction: major vendors (Apple, Google ecosystem manufacturers) have policies about forced pre-installation — this raises feasibility issues. 

---

Good request. I gathered the material I found — for all three: (1) the full-text of the Internet Freedom Foundation (IFF) / Apar Gupta analysis (interview), (2) IFF statement / media-analysis of the order, and (3) a comparative brief summarizing the arguments (pro and con) so far.

You may copy/paste or save as you like.

---

1. Full Text of the Apar Gupta Interview

Here is a cleaned transcription of the interview with Apar Gupta in The Wire. 

“So, even when the app comes installed, you do not have the ability at a later point in time to remove it and this, by itself, undermines any user’s autonomy — but also gives risks of any kind of change in the app over a period of time in which your device permission such as the ability of the application to scan all of your photos, read all your messages, undermines your privacy. This is there in a clear way, in clear expressions contained within the directions.” 

“If you were to list maybe the two or three top concerns … The first … is that it converts every smartphone into a vessel for state-mandated software that the user cannot meaningfully refuse, control, or remove. So you’re not in control of your smartphone. It makes it a Pandora’s box and it is being opened by the state.” 

“The second is that the changes which may be there in the application are not limited by any law. Which means that because this application is installed by a direction … you are not in control, the application is not bound by any law.” 

He further adds that while telecom fraud and scams are real, “this does not fix the problem at all” — pointing out the app-only approach sidesteps deeper issues like policing, regulatory oversight, and protection for people using feature phones (not smartphones). 

He concludes by urging that any approach to telecom fraud / cyber-fraud should involve transparency, consent, and legal safeguards, not blanket mandates. 

If you like — I can also provide the original full-length HTML (with timestamps, interviewer questions etc.) as a downloadable file (since the Wire site may update).

---

2. IFF Statement / Other Significant Media-Analysis

What IFF says (and other civil-liberty / tech-policy critics):

IFF described the pre-installation mandate as a “sharp and deeply worrying expansion of executive control over personal digital devices.” 

The move was labelled “disproportionate” and against the principle of user consent / privacy. 

IFF has filed an RTI request asking for the full direction / justification from the Department of Telecommunications (DoT) and pledged to fight the direction until it’s rescinded. 

Other commentators — including technology-policy analysts — raised similar concerns:

That there was no public consultation, transparency or pilot testing before making a mandate of this scale. 

That the proposed mandate duplicates services already offered by telecom operators or third-party apps and potentially creates a “single point of attack” — i.e. a monolithic government-controlled system storing a vast amount of device/user data. 

That for many users — especially with low digital literacy — a pre-installed app is effectively irreversible, even if nominally “deletable.” This raises serious concerns about informed consent and autonomy. 

Additionally, the political opposition and some MPs have voiced concerns that the move amounts to “normalising surveillance under the guise of security.” 

---

3. Comparative Brief: Arguments For vs Against the Order (So Far)

Position / Stakeholder Key Arguments / Points

Pro–Mandate / Government View — The requirement aims to fight telecom-fraud, IMEI-cloning, fake/stolen phones and protect consumers. <br> — Pre-installation ensures that the tool reaches even users unfamiliar with digital threats or who may never proactively install such apps. <br> — According to the government, the app’s purpose is purely protective; users supposedly retain control — deletion is permitted (as per ministerial clarification). 

Anti–Mandate / Civil-Liberty & Technical Critics — Mandate converts every smartphone into a mandatory vessel for state-directed software, taking away user autonomy and consent — a fundamental rights issue (privacy, free use). (As per Apar Gupta) <br> — There is no clarity, transparency, or legally binding safeguards on data use, permissions, future modifications of the app — opening doors for misuse, mission creep. <br> — Even if deletion is claimed to be permitted, for many users (especially with low digital-literacy), pre-installation effectively becomes “permanent” de facto — unremovable bloatware or at least very difficult to remove. <br> — There is limited evidence that a centrally-mandated app will actually reduce fraud significantly; structural problems of telecom-fraud, adulteration, regulatory enforcement, policing cannot be solved solely by an app. (As per Apar Gupta) <br> — The centralised system increases risk of mass surveillance or data breach (single point of failure/attack). 

Intermediary / Neutral Observations (Media / Policy Analysts) — The order (as per initial DoT direction) and the ministerial statements appear contradictory: the directive says the app’s functionalities “ should not be disabled or restricted,” while the minister claims users can delete it. This contradiction undermines trust. <br> — The government’s backtrack (making the app “optional”) shows that the mandate may not have been well-thought-through, or that implementation would face major pushback (from vendors, civil society, public sentiment). <br> — The lack of clarity on data-flows, permissions, third-party audits, data retention / privacy safeguards — even if the intent is benign — raises legitimate concerns about long-term implications for digital rights. 

---

4. What’s Happening Now / What to Watch

After strong backlash from civil-society, privacy advocates, parts of opposition and even some telecom-vendors, the government has reportedly “softened” its stance: ministers clarified that the app is “optional” and can be deleted. 

But critics (IFF and others) point out that the original directive text clearly instructs that the app “shall not be disabled or restricted” — so ministerial assurances may contradict the actual legal order. 

IFF has filed an RTI request to get the full order & justification from the DoT; they intend to challenge the direction until it’s formally withdrawn. 

The debate and public pressure might (if continued) push for stronger safeguards — e.g. data transparency, independent audits, explicit user-consent framework — if Sanchar Saathi or any similar initiative is to be rolled out again consistently.

Finally, the mandate has been withdrawn.

---

Peace Is Doable