TraceX Labs Warns Sanchar Saathi Mandate Could Create Pegasus-Style Surveillance Architecture

Cybersecurity researchers at TraceX Labs have raised concerns about India’s proposed mandate to pre-install the government-operated application Sanchar Saathi on smartphones, warning that the structure of the policy could potentially enable large-scale monitoring of user activity.

Sanchar Saathi, developed by the Department of Telecommunications, was introduced to help users track stolen devices, verify IMEI numbers and report suspected telecom fraud. The platform was launched as part of India’s broader efforts to combat cybercrime and reduce the misuse of stolen or fraudulent mobile devices.

Under a directive issued in late 2025, smartphone manufacturers were reportedly asked to pre-install the Sanchar Saathi application on new devices and push the software to existing users through updates. The proposal also raised concerns because of provisions suggesting that the application could not easily be removed or disabled.

According to TraceX Labs, such a syste if implemented without transparency could resemble the architectural characteristics of surveillance tools such as Pegasus spyware, which became widely known after global investigations revealed its use in targeted digital monitoring.

The researchers stated that the app requests multiple permissions, including access to location data, device identifiers such as IMEI numbers, network status information, and communication metadata. They warned that when combined with system-level persistence and mandatory installation, such capabilities could theoretically enable large-scale monitoring if misused.

TraceX Labs clarified that the application itself should not automatically be considered spyware, but argued that forced installation of a non-removable app with deep device visibility could create a one-directional monitoring environment where the system can observe the user while the user has limited insight into the system’s operations.

The proposal triggered political and public debate across India. Several political leaders and digital rights advocates compared the mandate to surveillance practices revealed during the Pegasus Project revelations and raised questions about privacy protections.

Supporters of the initiative argue that Sanchar Saathi is primarily intended to protect consumers. Government officials say the system helps identify stolen phones, block fraudulent devices, and support law-enforcement investigations into telecom fraud and SIM misuse.

Following criticism from technology companies, civil-liberty groups, and sections of the opposition, the government later clarified that the application would not be mandatory for all devices, and the proposal to enforce universal pre-installation was withdrawn.

Despite the rollback, cybersecurity researchers say the debate highlights the broader challenge of balancing digital security initiatives with privacy safeguards in an increasingly connected smartphone ecosystem.