India revokes order for smartphone makers to install government security app amid privacy uproar

New Delhi- India’s government on Wednesday revoked an order directing smartphone makers such as Apple and Samsung to install a state-owned and developed security app on all new devices. The move came after two days of criticism from opposition politicians and privacy organizations that the “Sanchar Saathi” app was an attempt to spy on citizens through their phones.

“The government has decided not to make pre-installation mandatory for mobile manufacturers,” India’s communications ministry said in a statement on Wednesday afternoon.

The initial order, issued privately by the ministry to phone makers late last month, was leaked to Indian media on Monday. It directed all phone makers to pre-install the Sanchar Saathi (meaning communication partner in Hindi) app on new phones within 90 days, and also on older phones through software updates.

The order, reported on Monday by numerous Indian media outlets and later recognized by the government, asked manufacturers to ensure that app functions could not be “disabled or restricted.”

There was immediate backlash on Monday, with opposition political parties quickly labeling the government software a “spying app” and drawing parallels with Pegasus, the hacking spy software developed, marketed and licensed to governments around the world by the The Israeli company NSO Group.

On Tuesday, India’s national communications minister Jyotiraditya Scindia insisted to reporters outside parliament that the Sanchar Sathi app was not mandatory and was in line with democratic principles. He said smartphone owners can activate the app at their convenience to access its benefits and can also delete it from the devices at any time.

However, it said nothing Tuesday to deny or change the order to phone makers to ensure the app was pre-installed.

On Wednesday, Scindia insisted that “no spying is possible or will be done” with the app.

While the order for its universal installation was revoked, the government continued to defend the app on Wednesday, saying that the intention had been to “provide access to cybersecurity to all citizens” and insisting that it was “secure and intended solely to help citizens.”

Opposition politicians say “it’s a spy app”

The government’s U-turn came after harsh criticism from opposition political parties and digital rights advocates.

“It’s a spy app. It’s ridiculous. Citizens have the right to privacy. Everyone should have the right to privacy to send messages to family and friends, without the government looking at everything,” Priyanka Gandhi, leader of the opposition Congress Party, told reporters outside India’s parliament on Tuesday.

“They brought Pegasus and have not been able to keep it under control. MPs and MLAs say their phones are being tapped. For the last 11 years, basic rights have been taken away from Indians… This is the real violation of National Security,” said Renuka Chowdhury, another Congress member.

Digital privacy advocates also expressed concern about the government order, saying it would violate citizens’ right to privacy in a country with more than 1.2 billion mobile phone users.

“No government will ever be expected to recognize that a government app is a spy tool, even in China and Russia where such apps have been mandatory,” Indian technology analyst Prasanto K. Roy told News themezone on Wednesday. “A government statement alone is not enough to inspire confidence.”

Roy said the government should restrict the default permission settings that allow the app to access data on smartphones to the absolute minimum and explain why those permissions were deemed necessary. He added that the application’s code should be open source and published online, to allow independent security professionals to analyze it.

“In layman’s terms, this turns every smartphone sold in India into a vessel for state-mandated software that the user cannot meaningfully reject, control or delete,” the organization Internet for Freedom said in a statement Tuesday, before the government revoked its order. “For this to work in practice, the app will almost certainly need root or system-level access… so that it cannot be disabled. That design choice erodes the protections that normally prevent one app from accessing another app’s data and turns Sanchar Saathi into a permanent, non-consensual hotspot within every Indian smartphone user’s operating system.”

Technology analyst Roy told News themezone that the real issue was “not faith in government benevolence,” but rather “concerns about potential access to a wide range of data by many mid- or junior-level officials in government or law enforcement,” as there was no clarity about what data could be accessed through the app, or who would have access to it.

Major phone makers did not react publicly to the government order, but Reuters news agency reported that Apple had planned to refuse to comply.

The Indian government says it is only trying to help

The government argues that the app allows users to track, lock and recover lost or stolen smartphones using the device’s International Mobile Equipment Identity (IMEI), a unique code assigned to all phones sold worldwide.

It also allows users to check how many unique mobile data connections are registered under their name, which it says will help people identify and deactivate fraudulent numbers and accounts opened by scammers.

Other features include tools to report suspected fraud calls and verify the authenticity of devices used to make purchases, according to officials.

The government said in its multiple statements that the app had already been downloaded 14 million times and used to help track 2.6 million lost or stolen phones. He said Sanchar Sathi had helped disconnect more than 4 million fraudulent connections, according to citizen reports.