The Department of Telecommunications (DoT) has asked all mobile handset makers to mandatorily pre-install the Sanchar Saathi application (app) in all their newer products, whether manufactured or imported for use in the country, the Ministry of Communications said in directions issued on November 28.
In the letter sent to all handset manufacturers and importers, the artificial intelligence (AI) and digital intelligence unit of DoT said companies must pre-install the app and ensure that it is “readily visible and accessible to the end users at the time of first use or device setup”, and that its functionalities are not disabled or restricted. It also directed that the app “cannot be removed or disabled”.
“For all such devices that have already been manufactured and are in sales channels in India, the manufacturer and importers of mobile handsets shall make an endeavour to push the app through software updates,” according to the directive issued on November 28, which gives 120 days for compliance. Failure to comply will attract action under the Telecommunications Act, 2023, the Telecom Cyber Security Rules, 2024, and other laws, it added.
The Sanchar Saathi app allows users to check the validity of a handset’s International Mobile Equipment Identity (IMEI) details, verify device authenticity, report cyberfraud and spam calls, report stolen mobile phones, and address other aspects of telecom cybersecurity. Launched in January, the app also enables users to manage mobile connections registered in their name, block stolen phones, and verify IMEI misuse.
According to Ministry of Communications data as of July, DoT has blocked 550,000 handsets and deactivated 20,000 bulk SMS senders.
For devices that have already been manufactured or are with retail partners, handset makers will have to push users to download the app through “software updates”.
“All manufacturers and importers of mobile handsets that are intended for use in India shall submit compliance reports to DoT within 120 days from issue of these directions,” DoT said in its directive.
The instructions have drawn criticism from mobile phone makers and industry executives, who said the directions were “not practically implementable” and that DoT did not consult handset makers before issuing them.
Telecommunications service providers have separately asked DoT to mandate that SMS-based one-time passwords (OTPs) become the primary factor of authentication for financial transactions. “For all financial transactions, the primary factor of authentication should mandatorily be through SMS OTP, which continues to remain the most secure, operator-verified channel with guaranteed traceability,” said S P Kochhar, director general of the Cellular Operators Association of India (COAI), which represents Reliance Jio, Bharti Airtel, and Vodafone Idea.
He added that strengthening this requirement would reduce fraud and reinforce consumer trust. The industry body has asked the department to engage with the Reserve Bank of India to ensure implementation.
On November 28, the AI and digital intelligence unit of DoT also issued another set of instructions to over-the-top communication platforms such as WhatsApp, Telegram, Signal, Arattai, Snapchat, Sharechat, Jiochat, and Josh, asking them to complete the SIM-binding-to-device exercise within the next 90 days. The directive said that these intermediaries must ensure that the app on the device is continuously linked to the SIM card and the phone number on which the account was registered.
Apps that allow users to operate the same account on multiple devices should ensure that companion devices are logged out “periodically” at least every six hours, after which users can log back in using a quick response code.
COAI’s Kochhar said this requirement reinforces the industry’s long-standing demand for binding communication apps with mobile SIMs for national security and cyberfraud prevention. He called DoT’s mandate a “much-needed initiative”.
However, communication apps criticised the directive, saying that it was issued without discussions with the industry and would cause disruptions to user experience. Major communication apps have been given 90 days to comply and 120 days to submit compliance reports.
All telecommunication identifier user entities or companies that use mobile numbers or SIM cards to identify or differentiate users will also need to ensure compliance with these directions and submit reports within the next 120 days, DoT said.