India govt’s attempts to mandate 24/7 phone tracking faces pushback
Sign up now: Get insights on Asia's fast-moving developments
Recent government notifications have tried to mandate round-the-clock tracking of all phones in India in multiple ways.
PHOTO: AFP
Follow topic:
BENGALURU - The Indian government is increasingly eager to collect real-time personal data on its one billion people, but some of its digital surveillance attempts
Recent government notifications have tried to mandate round-the-clock tracking of all phones in the country in multiple ways, purportedly to address cybercrime and strengthen national security.
However, phone makers, digital companies and privacy advocates have criticised the attempts at constant surveillance as eroding digital privacy and exposing mass volumes of personal data to breach or misuse. On the flip side, Indian telecommunications companies support some of these measures, which could boost their revenues.
India is the world’s second-biggest mobile market, with 735 million smartphones and around one billion internet subscribers.
On Nov 28, the Department of Telecommunications (DoT) mandated that mobile manufacturers and importers must preload a government app
However, its mandatory installation raised significant privacy concerns as it demands full access to features such as the device’s camera, Global Positioning System location, and even torch, and cannot be deleted nor restricted.
Experts who examined the app cautioned that such unavoidable and irrevocable permissions deepen state presence on personal devices and undermine privacy.
Unlike the US and much of Europe, where security services on devices are optional and built on a foundation of user consent, India’s approach is more in line with countries like Russia, which has mandated a similar state-run app.
“Sanchar Saathi is a lost phone tracker, but if it gets embedded with no possibility of removal, it becomes a government tracker on your device,” wrote digital rights advocate Nikhil Pahwa in an analysis on social media platform X.
“If they get away with this, more will follow,” he added.
After iPhone-maker Apple decided to challenge the order in court as it is in conflict with its global privacy and system standards, the Indian government rolled back the order on Dec 3.
On Dec 1, the DoT announced another policy mandating “SIM binding” for communication apps. This measure would tie a user’s account to only a single mobile SIM card to prevent misuse of messaging apps like WhatsApp, Signal and Telegram to commit cybercrime.
The policy, slated to take effect in February 2026, will change how users access messaging apps. It will restrict app usage on multiple devices like desktops and phones, and impose restrictions on international use by deactivating apps when the original SIM card has been swopped. Additionally, users will be required to log out of web-based sessions every six hours.
The Cellular Operators Association of India, a lobby of telecom companies that includes top players Airtel and Reliance Jio, in a Dec 10 statement welcomed SIM binding as a “balanced, privacy-respecting security measure”. It added that international use and having a six-hour logout cycle were essential safeguards.
Consumer sentiment differs, as one in two consumers believes that SIM binding will cause disruption and inconvenience, a social media survey by community organiser Localcircles found.
India recorded more than 86,000 cases of cybercrime in 2023 – the latest year for which government crime data is available, making it an issue of much concern. But the efficacy of SIM binding in preventing crime is unclear.
A senior cybercrime investigator with the Bengaluru police told The Straits Times under the condition of anonymity that he is “not sure how SIM binding would curb scams, as most cybercriminals use SIM cards obtained through forged identity documents”. He believes that a move that would cause considerable friction for millions of people using messaging apps offers “only limited use in tracking fraud”.
Another surveillance-related initiative appears to be in development. According to a Dec 5 Reuters report, the Indian government is reviewing a telecom industry proposal that will force smartphone makers to ensure that GPS location services on phones are perpetually kept activated. Users would no longer have the option to disable their GPS location.
Currently, government agencies do not get precise locations when legal requests are made to telecom companies during investigations because the companies provide cellular tower data that can provide only an approximate location.
Apple, Google and Samsung have opposed the always-on GPS tracking, raising privacy concerns.
The India Cellular & Electronics Association, a lobby group that represents both Apple and Google, wrote to the government that the measure to track device-level locations has no precedent anywhere else in the world, and that the GPS network service was never intended for “location surveillance” and constituted “regulatory overreach”.
Experts said such orders are partly motivated by the concerns of Indian telecom companies to safeguard their commercial interests.
Mr Pahwa wrote in telecom analysis website MediaNama: “India already has good enough location tracking via cell tower triangulation and monitoring of citizens using the Centralised Monitoring System which is embedded in telecom operator networks. Telecom companies do not want to upgrade infrastructure (more cell towers to make locating a person even sharper than 50m to 150m), so they prefer shifting the traceability burden to the handset.”
In the past, telecom companies have called the growing number of state surveillance requests a “disproportionate obligation” on the industry. In 2022, telecom giant Airtel requested that the federal and state governments, as well as law enforcement authorities, share the cost of surveillance incurred by telecom operators when call interception orders are issued. It cited an Australian law that instituted such a cost-sharing mechanism.
With “every act of surveillance justified under national security”, Mr Pahwa said that if the recent orders for GPS location and SIM binding go through, “every phone becomes an active tracker”.
Mr Apar Gupta, founder director of Internet Freedom Foundation, said continuous GPS tracking reduces the need for telecom companies to install more cellphone towers and SIM binding would compel people to purchase more internet connections – both of which benefit “telecom companies that want to protect their profits”.
“Continuous tracking will also mean law enforcement agencies won’t need to make legal requests for location data as they do now – this suits the government.
“The government’s stated reasons (of national security and preventing fraud) to hand over our phone and personal data do not hold up to scrutiny. It is an expression of the state’s growing authoritarianism and appetite for mass surveillance,” he added, noting that it is worsened by “the flimsy safeguards that govern how the state can use the data it gathers”.
India’s Digital Personal Data Protection Act, 2023, grants significant immunity to government agencies, allowing them broad exemptions to process personal data without full compliance, consent nor limits on how the data is used, drawing debate over potential misuse and accountability.
