Breach of cybersecurity — carried out in multiple ways and forms — has been a reality for more than two decades in India and no solution has been good enough so far. Even the latest government diktat to handset makers, asking them to install or rather pre-install Sanchar Saathi, which is an app meant to combat fraud, on smartphones will remain just an idea. In less than a week of the Department of Telecommunications (DoT) order being sent to handset makers, including Apple and Samsung, and after much noise in Parliament and TV studios, the mandate has been withdrawn.
While the storm has blown over, for now, the issue will continue to be debated for many reasons. First, handset makers, especially the likes of Apple, were not expected to comply with such a diktat as it would have meant an overhaul of their global algorithm. Apple, known for its stand on such issues, would have stood its ground against such a directive. That may have been quite an aberration at a time when the American major and its global vendors are scripting an upbeat manufacturing story for India.
Also, even though the installation of the app was called a pro-customer move, it turned into a political hot potato, with Opposition parties and citizen groups labelling it as a Big Brother moment. Could this app on our phones result in invasion of privacy and snoop on the confidential data stored on the handsets? While there’s no authentic evidence of that, the fear of personal data leaks through an app on the mobile phone could turn out to be as harrowing as cyber fraud. That itself would have been a good enough reason for the government to withdraw its diktat to smartphone makers.
There are other reasons why smartphone makers should not be made to bear the brunt of any cybersecurity breach. They are not the perpetrators of cybercrime, nor are they providing the telecom service through which frauds are committed.
If a phone user has the liberty to keep or delete the Sanchar Saathi app, as the government clarified earlier this week after the issue became a talking point, there was no reason to impose a compliance burden on smartphone makers. The user, who’s at the receiving end of any cybersecurity breach, should be able to install any app of his choice without involving the smartphone manufacturer. It’s good that the government made a hasty retreat.
Sanchar Saathi, which was launched in 2023 as an indigenously made portal where users could report suspicious phone calls and track lost phones, pivoted earlier this year as a mobile app version —which was at the centre of controversy as a tool to check fraud through phones.
The effort to fight phone spam began way back in 2006 in the country through a process of consultation initiated by the Telecom Regulatory Authority of India (Trai). Rewind to the Trai consultation paper on unsolicited commercial communication, which said: ‘’As telephones have become a ubiquitous communications medium, there has been a sharp increase in marketing and advertising activities through the telephone, a process colloquially referred to as ‘telemarketing’. A significant share of telemarketing is unsolicited….’’ It noted that over the past year, commercial unsolicited calls have engaged the time and attention of the Rajya Sabha, the Supreme Court of India, the High Court of Delhi, the Reserve Bank of India, and the State Commission (Consumer) of Delhi. Trai sought public response and comments on the issues related to the setting up of a do-not-call registry and possible solutions involving telemarketers, service providers, and subscribers.
That was a decade after mobile phones came to India, and apps (other than clocks, calculators and the like) were yet to populate our devices. It was in 2007 that Cupertino-headquartered Apple released its first iPhone, which came bundled with built-in apps like maps, weather and photos. In 2008, the company launched its app store, opening the floodgates for third-party apps. Then in 2010, “app” (abbreviation for application) was listed as the word of the year by the American Dialect Society, according to reports.
As for cybersecurity, the level of threat was much lower in the app-less world at the time when deliberations on unsolicited communication first began. Even so, spam and unsolicited communication emerged as a major worry point for businesses and individuals even then.
After 2006, when DoT and Trai began looking at anti-spam regulations, there were multiple consultations and recommendations— in 2008, 2010, 2012, 2014, 2017, 2018… and, it continues, with the problem growing manifold in the intervening years.
Government representatives close to the matter say whatever is in the best interest of the people should be done, and that includes the withdrawal of an order that seemed intrusive. Now is a good time to restart a concrete consultation process with all stakeholders to find a solution to a problem that is larger than life. And a government app is unlikely to be a magic wand here.
Nivedita Mookerji @nivmook is the Executive Editor of Business Standard. Views are personal.