These communication apps pose as “sovereign” alternatives to WhatsApp – but for privacy we at Tuta would strongly recommend these alternatives instead – while in fact, the state-controlled apps open the door for unlimited mass surveillance and turn every phone in these countries into small surveillance machines – without even requiring a backdoor to encryption.

Turn ON Privacy in one click.

Get

Surveillance tools disguised as “safety apps”

App permissions of the Sanchar Saathi app. Screenshot: Reddit.

Sanchar Saathi was announced this week by the Indian government as an app that needs to come pre-installed, and that can not be “disabled or restricted”. Supposedly, the app helps against the theft and loss of smartphones. First published in January 2025, the Indian app lets users check their device’s IMEI, they can report a lost or stolen phone, and they can flag messages that they believe are fraudulent. According to official sources, the app has helped detect or block more than 4,2 million lost or stolen phones since launch - of which 50,000 just in October - in a market of more than 1 billion phones.

The International Mobile Equipment Identity (IMEI) is a code of 15 digits that uniquely identifies a mobile device and authenticates it on a cellular network. The Indian government states that one reason for the app launch is that it wants to crack down on smartphones with duplicate or spoofed IMEI numbers as these would pose “serious endangerment” to cybersecurity.

India has big second-hand mobile device market. Cases have also been observed where stolen or blacklisted devices are being re-sold,” the government statement said.

A similar story just took place three months earlier in Russia. The Russian government published a similar policy with MAX, a new messenger app developed by the state-linked company VK. As of September 1st 2025, all smartphones and tablets sold in Russia must come with MAX pre-installed.

But Max is not just a simple messaging app. Similar to China’s WeChat, it is supposed to become a “super-app” that combines chat and messaging, payments, digital IDs, and access to government services.

But under the surface, security and privacy experts argue that both apps - Sanchar Saathi and Max - are designed for mass surveillance. Both apps do not come with strong end-to-end encryption and can be easily used for surveillance.

Sanchaar Saathi has an amazingly large set of permissions: The Indian app can make and manage phone calls, send chat messages, access logs of calls and messages, and access photos, files, and the phone’s camera.

And privacy advocates have described the Max app to be part of Russia’s digital iron curtain: The aim is to replace foreign encrypted chat apps with Max - developed and controlled by VKontake, a company with a direct line to the Kremlin.

Apple will not comply

Indian’s new rule would oblige smartphone manufacturers (Apple, Samsung, Xiaomi, Oppo, Vivo and others) to pre-install the app in such a way that it is “readily visible and accessible” to users when they set up their phones; the app’s functionalities must not be disabled or restricted. In addition, phone producers must “make an endeavour” to install the app on older phones through software updates. Companies were asked to send a compliance report within 120 days.

While other smartphone makers have not yet commented on this, Apple already said, it would not comply with the order to pre-install this state-owned app on iPhones.

How spying via these government apps could work

Sanchar Saathi and Max are closed source apps, and no one can see what these apps do exactly - and this is exactly why these apps are so dangerous.

But first things first: End-to-end encrypted apps like Signal and Tuta Mail will remain safe as these state-owned apps are not able to break the encryption. So if you are in India, switch to private, encrypted alternatives now, possibly from Europe, a region with some of the best data protection laws, namely the GDPR.

However, the bad news is: Such an app does not need to break encryption to learn a lot about you. It can be deeply integrated into your device, and learn a lot from meta data. The state-owned app can gain insights into device activity, contact information, movement, and communication patterns. Even without accessing encrypted content, it can see who you speak to, when, and for how long; where you were at the time; and which apps you regularly use. This metadata often reveals as much as message content, because it exposes your social networks, habits, and physical locations.

Given that the possibilities of monitoring you seem to become endless, it’s now even more important that you start using secure, encrypted chat and email apps such as Signal and Tuta Mail.

Turn ON Privacy in one click.

Get

Final thought

2025 is a tough year for privacy rights around the world. While the EU finally decided on a version of Chat Control without breaking end-to-end encryption due to heavy public backlash, Russia and India seem to follow China’s path: More surveillance, more control. By embedding their state-controlled apps directly into the devices citizens use on a daily basis, they create the perfect tools to monitor every step of their own citizens.

To us at Tuta, this is very alarming: We must make sure that our devices belong to us - not to Big Tech (like in the case where Google is trying to limit what apps you can install, and Apple is still not letting you install the apps of your choice) and not to the government that wants to force state-owned surveillance apps onto users’ phones.

Together we must keep fighting for our right to privacy!