Sanchar Sathi: India unique in imposing apps on citizens, other countries deal with cyber crimes differently
India has informed phone makers that Sanchar Sathi, an app aimed at tracking stolen phones, must be preinstalled on all new phones in the next 90 days. Imposing something like this on citizens makes India unique among all democracies.
The Government of India has issued an order asking all phone companies to pre-install the Sanchar Sathi app in all new phones, as well as install it in old phones through software updates. Phone makers including Apple, Samsung and Xiaomi have been given a deadline of 90 days to submit the report within 120 days. This mandate has sparked debate on social media regarding privacy and government surveillance.
However, the government says that the reason for this notification is to protect the users. “To protect citizens from purchasing non-genuine handsets, to enable easy reporting of suspected misuse of telecom resources and to enhance the effectiveness of the Sanchar Saathi initiative, DoT has issued (these) instructions,” the official PIB press note said.
Now, no matter what the notification says, a government app that can’t be uninstalled or disabled raises eyebrows. On the one hand, you have real concerns about cyber crime, including theft and counterfeit phones, and on the other, you have concerns about users’ privacy. So, how do countries around the world manage this kind of thing? Well, in two ways. When it comes to democracy, India is unique in its system. There is no other country that demands citizens to install an app that cannot be uninstalled. But, for example, authoritarian countries have rules similar to those proposed by India.
Let’s take a closer look at how other countries are dealing with cyber crimes and what they are demanding from their citizens.
in the united states
The US does not mandate pre-installation of any government app on smartphones. Instead, the Federal Communications Commission (FCC) has mandated the STIR/SHAKEN protocol for all telecommunications operators.
All telecom operators must digitally “sign” the call, which will then be verified by the receiver. This happens in the background, and the user has no active role. The purpose of this digital ID is to prevent call spoofing – where the caller can fake the phone number they are using to make a call. Canada has also made this protocol mandatory for its telecom network.
In addition to STIR/SHAKEN, several US agencies work around the clock on cyber crime. The FBI runs a 24/7 operations center called Psywatch to monitor incidents. The Cybersecurity and Infrastructure Security Agency (CISA) works with other agencies and the private sector to share threat information. The agencies also issue guidelines for individuals and organizations to stay safe online without any mandatory apps.
In other words, instead of blanket measurements such as apps installed on all phones, the US government uses targeted or hierarchical surveillance to keep an eye on cyber. This is potentially highly effective, although it also requires better IT infrastructure and more skilled law enforcement officers.
in britain
The United Kingdom also does not force companies to preinstall any apps for security reasons. Rather, it takes a different approach. The Online Safety Act 2023 puts a legal duty on tech companies (Facebook, Google, etc.) to prevent fraudulent advertising and content.
Companies that host user-generated content must have systems in place to reduce users’ exposure to illegal content that may be associated with scams or fraud. In a way, this forces companies to protect users, without government interference.
in the european union
The European Union (EU) is arguably the most proactive government body when it comes to data protection and cybersecurity. Now, one can assume that a strict authority like the EU can force phone manufacturers to install the apps. But, this does not happen. Instead, the EU ensures that every device sold in its territory is safe and receives mandatory security updates from phone manufacturers.
According to the Cyber Resilience Act (CRA), any device sold in the EU must be considered “secure” out of the box – that is, there must be security systems in place at every layer of the phone’s platform, with at least five years of security patches.
Furthermore, the Digital Services Act ensures that very large platforms like Google, Meta and TikTok remove any potential scams from their sites. If a user spots a scam on a platform, the platform may be forced to pay a hefty fine.
But there is an app that the EU has. It is called EUDI wallet. The app is considered to be a secure mobile application for identity proof, electronic signature, education documents and health information. However, the EU has clearly stated that this is completely voluntary for all users, and the data will remain private. There is no requirement to pre-install the app.
in Singapore
Singapore has a government app to check on fraud and scams, called ScamShield. The app filters all calls and SMS as per the police database. However, its use is not mandatory and remains voluntary. The Singapore Police Force recommends that citizens install the app, but it is not required, and it is not pre-installed on any device.
South Korea: An example of a government-ordered app in a democracy
South Korea is the only democracy that has attempted to mandate government apps. The app was called SmartSheriff and was mandated only for phones that were used by minors – those 18 years of age or younger. It was a parental control app that censored illegal content and warned parents if a child used words like “suicide,” “pregnancy,” or “bullying.”
The app was investigated for government surveillance. However, later, major security flaws were found by researchers at the University of Toronto’s Citizen Lab and German software auditing firm Cure53. SmartSheriff was eventually withdrawn in November 2015.
India will be unique
So, as it turns out, most democracies have never tried to force phone manufacturers to preinstall government apps for security. The US takes a more proactive approach with government agencies working to prevent cybercrime, while the EU takes a tougher stance towards phone manufacturers and web platforms.
If we want to see an example of a government-ordered app, we have to take a look at Russia, which is the only real example for such a case (unless you want to delve deep into the North Korean smartphone industry). The Russian government under President Vladimir Putin has a list of 19 “essential software” apps that must be pre-installed on phones and tablets. This includes a government ID app called Gosuslugi. A new “super app” called MAX is the latest addition to this list, which aims to be a replacement for WhatsApp and Telegram.