STATE TIMES NEWS
NEW DELHI: The government on Wednesday withdrew its directive requiring smartphone makers to pre-install a state-run cybersecurity application on all new devices, as it moved to quell rising concerns that the measure could have compromised user privacy or enabled surveillance.
The Sanchar Saathi app, which the government says only helps track and block stolen phones and prevents them from being misused, will, however, continue to be available on app stores for voluntary downloads.
“The government has decided not to make the pre-installation mandatory for mobile manufacturers,” the communications ministry said in a press statement.
The move follows protests from opposition parties and privacy advocates who felt the app could listen to calls as well as read messages. Some manufacturers such as Apple and Samsung were said to have voiced reservations over the November 28 order.
“The number of users has been increasing rapidly, and the mandate to install the app was meant to accelerate this process and make the app available to less aware citizens easily. Just in the last one day, 6 lakh citizens have registered for downloading the app, which is a 10x increase in its uptake,” the ministry said in the statement.
Globally, hardly any country has mandated pre-loading of a cybersecurity app on all smartphones. The only reported exception is Russia which in August ordered that MAX – a state-backed messaging service viewed by critics as a potential surveillance tool – be installed by default on all phones and tablets.
Defending its own app, the government said it was “secure and purely meant to help citizens from bad actors in the cyber world.”
The ministry added that the measure was no longer necessary as the app was gaining “wide user acceptance” on its own.
Earlier in the day, Communications Minister Jyotiraditya Scindia indicated that the government was willing to make changes in the November 28 order but insisted that the snooping is neither possible nor will it happen with the app.
Sanchar Saathi app “se na snooping sambhav hai, no snooping hoga”, he said in response to Congress leader Deepender Singh Hooda’s supplementary question in the Lok Sabha regarding snooping concerns related to the app.
Scindia had on Tuesday stated that users could delete the app, which becomes operational only when a user registers on it.
If a consumer has not been registered on the app, then the app will not be operational and one can also delete the app, he repeated in the Lok Sabha on Wednesday.
There have been around 1.5 crore app downloads already.
With the portal and the app, 26 lakh stolen handsets have been traced, 7 lakh stolen handsets have been returned to consumers, 41 lakh mobile connections have been disconnected and 6 lakh frauds have been blocked, the minister said.
In the November 28 order, his ministry directed smartphone makers to pre-install the app on all new devices and push it through updates on older ones.
The order mentioned that the pre-installed app should be “readily visible and accessible” and “functionalities are not disabled or restricted”.
Following the uproar, the communications ministry had issued an explainer, clarifying that the phrase “readily visible and accessible” and “functionalities are not disabled or restricted” in order as a direction to manufacturers, not a restriction on users.
“It simply means manufacturers must not hide, cripple or pre-install a non-functional version of the app and later claim compliance. Nowhere it has been mentioned in the above clause that the Sanchar Saathi App cannot be uninstalled by the end user. It is up to the citizen if he wants to enable and register Sanchar Saathi Mobile App or uninstall,” it had said.
The explainer was issued prior to the withdrawal of the order.
Main opposition party Congress had charged the BJP-led government of “brazenly snooping” on citizens with the app.
“The communications minister confidently claimed that the Sanchar Saathi app can be deleted, a statement that collapses instantly under the weight of the government’s own direction, where Section 7(b) categorically states that the pre-installed app cannot be removed, nor can any of its ‘functionalities be disabled or restricted’,” Congress’ media and publicity department head Pawan Khera said.
The ministry’s explainer said the Sanchar Saathi app has limited access to phone data and that too only to the extent citizens permit it in each “interaction of reporting fraud” through the permissions granted.
Like some other mobile apps, Sanchar Saathi seeks permission to “make & manage phone calls” to check the active SIM in the phone before starting the registration process, send SMS to complete user registration.
“This is a one-time SMS, similar to OTP verification processes used by banking apps, UPI applications, and communication platforms. The app does not use this for anything else that may be enabled by this permission,” the explainer had said.
The explainer said the app needs access to the camera to take pictures of the product, such as the IMEI number printed on the box, for checking genuineness of a handset, and to send captured screenshots of a fraud call or SMS as chosen by the user as evidence.
“The app is designed not to have any access to contacts, other apps, location, microphone, bluetooth, or any other private functionalities or data of the user that is specifically not permitted by the user in “every interaction of reporting fraud” of the user with the app.
“The app does not harvest any other data on its own based on permissions granted. Further, citizens have the choice to remove any permission any time or deregister any mobile number registered on the app and also to uninstall the app,” the explainer said. The explainer said the app never accesses microphone, location, bluetooth, or the operating system.
“The Sanchar Saathi app has limited access to phone data and that too only to the extent citizens permit it in each ‘interaction of reporting fraud’,” the explainer said.