E-Paper
Securing cellphones
Controversy over cybersecurity app brings issues of cyber fraud and privacy to the fore
The Department of Telecommunications (DoT) this week mandated that all cellphone manufacturers and importers pre-install the Sanchar Saathi app on devices within 90 days. The app allows users to verify their phone’s IMEI number and report fraud. The stated objective — curbing IMEI fraud and improving telecom security — constitutes a legitimate state aim. Indians lost ₹22,845 crore to cyber fraud in 2024, a 206% surge from the previous year across 3.6 million complaints. DoT officials described the app as making fraud reporting “easier”. However, a specific clause in the directive specifying that “functionalities cannot be disabled” sparked confusion, but the matter was quickly clarified by Union communications minister Jyotiraditya Scindia, who said users can delete it if they want to, as this newspaper had reported Tuesday. The government has demonstrated backend capability; the Indian Cyber Crime Coordination Centre identifies nearly a million fraudulent SIM cards monthly and blocks associated IMEIs alongside lakhs of mule bank accounts through which scammers funnel their plunder.
The scam pipeline begins with fraudulent SIM cards obtained through broken Know Your Customer (KYC) processes. The vulnerabilities enabling this are systemic. Personal documents leak regularly, making stolen credentials readily available. Many Indians lacking adequate awareness sign documents without understanding them or are manipulated into providing details. Users with cheap prepaid connections — which telecom companies make lucrative as first acquisitions — rarely block lost numbers. The app is unlikely to address these process and habit failures.
When someone loses their phone — a primary scenario requiring the app — they no longer have the device and must still use a website to report the loss. For reporting fraud communications, the 1930 national cybercrime helpline provides a simpler, easier-to-remember service. It isn’t clear how mandatory pre-installation on every device will help, especially if users have the ability to delete the app.
The mandate, which normalises government apps as defaults on private devices, may be challenged legally too. The KS Puttaswamy order established privacy as a fundamental right and said that intrusions by the State require justification on three grounds: They must be authorised by law, pursue a legitimate aim, and employ means proportionate to that aim. The mandate arguably satisfies the first two requirements but could fall afoul of the third. Systemic KYC failures remain unaddressed and the app provides no functionality unavailable through existing, often simpler, channels.
The government’s intention may have been to tackle cybercrime, but given the centrality of the mobile phone in today’s world, concerns over privacy are only to be expected. The ministry’s clarifications on Tuesday were much-needed but it should also discuss its larger objective with all stakeholders, including phone makers.
One Subscription.
Get 360° coverage—from daily headlines
to 100 year archives.
HT App & Website
