How a government app in India triggered a backlash over internet freedom

The report is from this week’s edition of CNBC’s “Inside India” newsletter which brings you timely, insightful news and market commentary on the emerging economic powerhouse. Subscribe here.

The big story

It all started this Monday.

The Indian government asked phone manufacturers to preload a state-run cybersecurity app with no option to disable it, mandating them to push it via software updates on handsets.

On Tuesday, there was backlash on social media and pressure from internet freedom activists, with the country’s chief opposition political party labelling the application a “snooping app.”

On Wednesday, the government rolled back the mandate for the Sanchar Saathi app, while defending it as a “citizen-centric tool that brings robust security features and fraud-reporting capabilities directly to users’ smartphones.”

While the state buckled under public pressure, it is not the not the first time the government has found itself in hot waters over charges of digital overreach, including compromising people’s privacy.

In 2023, security breaches were reported in the state-run covid vaccination app — whose introduction had also sparked privacy concerns. The health ministry initially denied the claim, but days later the country’s information and technology minister told local media that the root cause of the leak had been identified.

While internet freedom activists in the country welcomed the government’s move to roll back the Sanchar Saathi mandate, they said the battle was far from over.

Nikhil Pahwa, a digital rights activist, told CNBC that due to the amount of data leaked by the government and the numerous previous data linkage mandates, “they are unable to now contain the fraud.”

Experts say that government policies are often misdirected. If the government is serious about solving the issue of online fraud, “they need financial network controls and not a phone side app,” said Mishi Choudhary, a lawyer focused on internet advocacy issues, referring to Sanchar Saathi.

The government instead needs to address pathways used for fraud such as SIM Swap, mule bank, fake loan apps, cross-border call centers and remote access apps, she said.

According to local media reports, smartphone makers and operating system providers claimed that there was no prior consultation with the industry on the preinstallation mandate.

Reuters reported that Apple had resisted to comply with the directive and planned to convey its concerns around “security vulnerabilities” to authorities in New Delhi.

India’s telecommunications department, and its electronics and information technology ministry did not respond to CNBC’s requests for comments.