Two recent directives of the Department of Telecommunications (DoT)—one mandating SIM binding for over-the-top communication apps and the other ordering the pre-installation of the Sanchar Saathi app on all smartphones—are driven by legitimate objectives: reduce cybercrime, improve user protection, and strengthen digital trust. The intent is not in dispute. The method is. And on that score, the government appears to be sprinting where it should be consulting, designing, and only then implementing.
On sim binding
Consider SIM binding. The idea sounds straightforward: link an app like WhatsApp or Signal to the SIM card so that when the SIM is removed, swapped, or deactivated, the service stops working and all linked sessions are periodically logged out. In theory, this prevents fraudsters from running Indian accounts from abroad over Wi-Fi using long-abandoned SIM identities.
But the directive is framed as though the technical ecosystem already supports app-level SIM binding. It does not. Modern mobile operating systems—iOS and Android—deliberately do not give apps access to SIM identifiers, precisely to prevent spyware and malware from harvesting telecom credentials. Not even banking apps rely on SIM binding. They bind users to devices and depend on one-time SMS authentication, not continuous SIM verification.
There is a secure way to enable SIM-based authentication—but it lies with telecom operators, not app developers. Globally, the GSMA’s Mobile Connect framework already allows apps to securely ask operators to verify whether a SIM matches the one originally registered, without exposing identities. If the DoT is serious about SIM-based security, the logical path is to build this architecture through operators and OS-level collaboration—not to offload an unsolved systemic problem onto app developers.
Sanchar Saathi order
The same policy haste is evident in the Sanchar Saathi order. This is a platform that already exists—on a website and on app stores. Anyone can download it. Its utility is not in question: it helps users track the devices registered in their name, block stolen phones, and report fraud calls. The government says it wants higher awareness and adoption. Fair enough.
But then why force manufacturers to pre-install the app on every handset? Communications Minister Jyotiraditya Scindia has clarified that the app is optional, can be deleted anytime, and works only after user activation. If so, the policy undermines itself. If users can choose to delete it and must opt to use it, what exactly is achieved by mandating pre-installation—apart from adding cost, compliance friction, and complexity for manufacturers?
This is not a trivial matter. India has worked hard to position itself as a global hub for smartphone manufacturing and exports. Devices made here are not just for Indian consumers; they operate within global supply chains. If India mandates a pre-installed government app today, what stops another country from insisting on its own tomorrow? What happens when every ministry, department, and state government decides its “public good” app deserves a permanent place on the home screen?
The common thread in both directives is not bad faith, but bad process. The DoT is responding to real problems, but without the discipline of consultation. That is precisely why the Telecom Regulatory Authority of India exists—to conduct structured public discussions and assess both feasibility and consequences. Why bypass it? Make the apps available. Promote adoption. Strengthen security frameworks. But let users choose, and let policy follow process instead of impulse. In digital governance, speed is not reform. Design is.
