Introduction

Mobile applications have become a vital part of our daily lives. Understanding the security and privacy posture of apps, especially government-related apps, is essential. This research focuses on Sanchar Saathi, a mobile app that helps users identify their own mobile number and verify SIM card usage.

This article presents static analysis findings and recommendations for improving security and privacy. No live exploitation or unauthorized access was performed — this is purely educational and research-focused.

App Overview

  • App Name: Sanchar Saathi
  • Package Name: com.dot.app.sancharsaathi
  • Version Analyzed: 1.5.0
  • Platform: Android (Min SDK 28, Target SDK 35)
  • Purpose: Helps users verify SIM card details and mobile number usage

Methodology

The analysis was conducted using static techniques, focusing on permissions, manifest configuration, and potential privacy concerns. Tools used include:

  • APKTool for manifest inspection
  • JADX for decompiled code review
  • MobSF (Mobile Security Framework) for automated static analysis

The research followed a responsible disclosure approach: no dynamic attacks, no API exploitation, and no unauthorized data access.

Findings

1. Permissions Requested

The app requests the following sensitive permissions:

  • READ_PHONE_STATE → required to access SIM and phone details
  • INTERNET → required for network connectivity
  • ACCESS_NETWORK_STATE → to check connection status

Observation: All permissions are relevant to the app's functionality. No excessive or unnecessary permissions were detected.

2. Manifest Configuration

  • No exported components that could be exploited externally
  • Proper use of android:exported attributes
  • Secure configuration of services and broadcast receivers

Observation: The manifest is well configured and follows Android security best practices.
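
The permission and android:exported checks from findings 1 and 2 can be repeated against the AndroidManifest.xml that APKTool decodes. The script below is an added example, not part of the original analysis or of the app's code: the embedded manifest is a constructed sample (only the package name and the three permissions come from this article), and the component names are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample, NOT the app's real manifest; component names are hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.dot.app.sancharsaathi">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="false"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def requested_permissions(root):
    return sorted(p.get(ANDROID + "name") for p in root.iter("uses-permission"))

def component_exposure(root):
    """Return (tag, name, status, guarding permission) for each component.
    A component with an intent-filter but no explicit android:exported is
    flagged, since target SDK 31+ requires the attribute to be stated."""
    rows = []
    for tag in COMPONENT_TAGS:
        for comp in root.iter(tag):
            exported = comp.get(ANDROID + "exported")
            has_filter = comp.find("intent-filter") is not None
            if exported is None:
                status = "missing-explicit-exported" if has_filter else "not-exported"
            else:
                status = "exported" if exported == "true" else "not-exported"
            rows.append((tag, comp.get(ANDROID + "name"), status,
                         comp.get(ANDROID + "permission")))
    return rows

if __name__ == "__main__":
    root = ET.fromstring(SAMPLE_MANIFEST)
    print(requested_permissions(root), *component_exposure(root), sep="\n")
```

An exported launcher activity is expected; the rows worth reviewing are exported components with no guarding permission and any component flagged as missing an explicit android:exported value.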

3. Privacy Considerations

  • The app collects minimal personal data (mainly phone number verification)
  • No evidence of sending sensitive data to third-party servers without consent
  • No hardcoded API keys or secrets found in the code

Observation: The app demonstrates good privacy hygiene.

4. Recommendations

  • Conduct regular security audits for future updates
  • Include a privacy policy update highlighting data handling
  • Continue monitoring third-party SDKs for potential vulnerabilities

Conclusion

Sanchar Saathi exhibits strong security and privacy practices in its current version. The app requests only necessary permissions, is properly configured, and minimizes unnecessary data collection. Continued static and dynamic analysis is recommended to ensure ongoing compliance and security.

Disclaimer

This report is based solely on static analysis and publicly available information. No live exploitation, dynamic attacks, or unauthorized access were performed. The findings are for educational and responsible disclosure purposes only.