In mid-2023, the Department of Telecommunications (DoT) introduced Sanchar Saathi, a service aimed at helping citizens block and trace stolen mobile phones. Having had the privilege of working on this initiative during my stint at Qualcomm in 2014-2016, I see this as the perfect opportunity to revisit and share insights into how the system works and where it falls short. Back in May 2016, I had written an article explaining the mechanics of this system, and for those curious, that serves as a good starting point.
In this note, I intend to build on that foundation, delving into the current implementation of Sanchar Saathi—its limitations and why these shortcomings hinder its ability to track and recover all stolen mobile phones. Beyond that, we’ll explore how the system, with the right enhancements, could achieve far more than just recovering stolen devices. I’ll discuss the key improvements it needs to go through to serve broader objectives, the impact these changes will have on consumers and the common man, and how they can contribute to making this system more robust and effective.
Background
Before diving into the details of the current system, it’s essential to understand the journey that brought us here. This background will help readers appreciate how this initiative evolved over time and shed light on the events and decisions that shaped it. By tracing this history, we can better understand the challenges and limitations of the system as it exists today.
The idea of blocking stolen mobile phones isn’t new. The Telecom Regulatory Authority of India (TRAI) initiated consultations on this matter twice in the past—first on 31st January 2004, and then on 2nd November 2010. Unfortunately, both attempts fell through.
In 2004, operators dismissed the proposal, claiming they lacked the technology to block stolen handsets. By the 2010 consultation, the response had significantly improved, with widespread support from operators, industry associations, and other stakeholders. However, the process was derailed by concerns over the prevalence of “cloned IMEI numbers.” Without unique IMEIs, blocking stolen devices would risk rendering legitimate devices inoperative. Consequently, TRAI shelved the process without issuing recommendations.
This setback highlighted the core issue: the success of any blocking system depends on the uniqueness of IMEI numbers. But why were so many cloned devices present in the network? Who was responsible for this cloning, and how did it escalate to such an extent? To answer these questions, we need to revisit a critical period that preceded TRAI’s 2010 consultation. But first, let’s understand what an IMEI is.
What is an IMEI?
An IMEI (International Mobile Equipment Identity) number is a mobile device’s unique identifier, often referred to as its digital fingerprint. This 15-digit number encodes key details about the device, such as its manufacturer, model, and serial number, and plays a crucial role in functions like device tracking and network connectivity.
The IMEI structure is carefully designed to ensure uniqueness and reliability. The first eight digits, known as the Type Allocation Code (TAC), identify the device’s manufacturer and model. Following this, six digits make up the unique serial number assigned to the device, while the final digit serves as a check digit used for validation. These IMEI numbers are globally assigned by the GSMA, ensuring that every mobile device manufactured worldwide has a distinct identifier. In India, tampering with IMEI numbers is illegal under Clause 8(3) of the Indian Cyber Security Rules (Nov 2024), as well as in many other countries, due to the critical role IMEIs play in device tracking, identification, and overall security.
Campaign Against “Zero IMEI”
The issue of invalid IMEIs came to prominence on 6th October 2008, when the Department of Telecommunications (DoT) issued an order requiring operators to block mobile phones with “Zero/Invalid IMEI” numbers (e.g., 000000000000000). These devices posed a significant national security risk, as they hindered law enforcement’s ability to trace devices used in crimes or terrorist activities.
The DoT instructed operators to implement this directive within 15 days in areas where the necessary infrastructure was available, and within three months elsewhere. Follow-up orders, including one dated 25th June 2009, set a compliance deadline of 30th June 2009.
Given the large number of phones with Zero/Invalid IMEIs, outright blocking would have disrupted services for millions of consumers. To address this, the government and operators collaborated on a solution. GSMA provided the know-how to reprogram such devices with valid IMEI numbers. A network of Genuine IMEI Implantation (GII) centers was established nationwide, where consumers could get their devices reprogrammed for ₹199. Public awareness campaigns, including newspaper advertisements, informed users about the compliance deadline.
Impact of the Campaign
While the campaign successfully converted a large number of devices with Zero/Invalid IMEIs into valid ones, it inadvertently had a darker side. The widespread dissemination of knowledge about reprogramming IMEI numbers enabled the cloning of IMEIs on a large scale. In the absence of a system to detect and prevent duplication, this activity likely went unchecked, leading to a surge in devices with cloned IMEIs within the network.
This unintended consequence severely undermined the campaign’s objective of mitigating security risks. Devices with cloned IMEIs are as problematic as those with Zero/Invalid IMEIs, as they too cannot be uniquely identified or traced. Consequently, the system’s effectiveness in addressing national security concerns was significantly compromised.
Clone Detection and Blocking System
Now having gone through the background and associated events of the past, we are all set for the discussion as to how a clone detection and blocking system is meant to work, and only then we will be able to understand the limitation of the current system that DOT has implemented. A fully functional clone detection and blocking system must be set up to work in multiple phases. In the first phase, the system needs to “ring fence” the entire universe of existing cloned handsets that got seeded into the system due to reasons as stipulated above. This should be done with a purpose that the universe of these cloned / duplicated IMEI based handsets are preventing any further growing. The system must also ensure that consumers holding such handsets should be allowed to functions normally without any breakdown of services seamlessly without any restriction – like changing handsets, gifting them away to friends, and binding them with different SIMs and mobile numbers. But why changing, selling and gifting cloned handsets with same IMEI should it be an issue, for that we need to understand how the system blocks illegal handsets from functioning in the networks.
How Blocking Works
Blocking an illegal handset begins with the need to identify it uniquely from all legitimate devices on the network. This is achieved through the IMEI (International Mobile Equipment Identity) number, which is designed to be globally unique for every device, as assigned by GSMA. However, the system faces challenges when IMEI numbers are tampered with by certain players or Original Equipment Manufacturers (OEMs) to bypass the GSMA allocation system. Such tampering allows for the illegal production of low-quality handsets, which avoid paying royalties to technology developers and compromise network efficiency. This not only undermines the integrity of the ecosystem but also risks long-term harm to the industry.
To address these issues, operators create a temporary binding between the tampered or cloned IMEI and the IMSI (International Mobile Subscriber Identity). The IMSI is a unique identifier for mobile subscribers and includes key details such as the Mobile Country Code (MCC), the Mobile Network Code (MNC), and a unique subscriber number within the operator’s network. By binding the IMSI to a cloned IMEI, operators can still uniquely identify the device within the network and manage it effectively.
While this binding process addresses the immediate issue of duplicated IMEIs, it also raises questions about legitimate consumer needs. For example, a consumer may wish to break this pairing to switch operators, gift the device, or sell it to another user. To accommodate this, a regulated process can be established, allowing users to request pairing changes through a web-based platform. This system can verify KYC (Know Your Customer) details before permitting any changes, ensuring that legitimate users are not inconvenienced while preventing the further spread of illegal IMEI-based handsets.
Over time, as the ecosystem of cloned or illegal IMEIs shrinks, the network will gradually stabilize. Eventually, the system will reach a point where such pairings are no longer needed, and only devices with valid, unique IMEIs will function. However, achieving this ideal state will require a phased approach and significant time to stabilize the system.
During this transition, interim measures are necessary to address challenges like stolen devices or the entry of illegal handsets. For instance, if a device is stolen or an invalid IMEI handset attempts to connect, the system can detect and block it. To make this possible, all operators must integrate their databases into a centralized system that continually queries the GSMA database to validate IMEIs. This unified approach ensures only legitimate devices operate on the network and provides a robust mechanism to tackle illegal handsets effectively.
In the long run, the objective is to establish a network where only devices with valid and unique IMEIs can connect. While this will take time to implement fully, the phased approach ensures that the system evolves steadily, addressing immediate challenges while working towards a secure and efficient ecosystem.
Indian Blocking System – What Phase of Deployment is it In?
The Indian system for blocking illegal and stolen handsets is still at a very nascent stage—what could be described as Phase 0. The current system lacks an inbuilt mechanism to uniquely identify handsets with cloned IMEI numbers, as there is no pairing or binding of duplicate IMEIs with IMSIs. Without this foundational structure, how can the system detect and block illegal handsets with 100% accuracy? It simply cannot. The system relies on the assumption that the handsets reported as stolen or illegal are not duplicated or cloned in the network.
Now consider a scenario where multiple handsets with cloned IMEI numbers are active in the network. Blocking one of these devices would inadvertently disrupt services for all other devices sharing the same IMEI, as there is no IMSI-IMEI pairing in place to distinguish between them. While pairing could resolve this issue, it would come at a cost—users would lose the flexibility to easily change SIM cards or sell their handsets in the secondary market without going through additional steps. This lack of pairing makes the current system highly porous, essentially functioning as a minimal subset of what a fully operational clone detection and blocking system should be.
For instance, imagine a thief with a 2G feature phone containing either a valid or cloned IMEI. If they steal a new 5G smartphone, they could easily tamper with the feature phone’s IMEI and overwrite it with the stolen phone’s IMEI. Without pairing, the system would struggle to detect this manipulation. While it might practically be possible for the system to detect the discrepancy—such as identifying a 2G phone falsely claiming to be a 5G device—implementing such a capability is both complex and resource-intensive. It would require operators to install additional layers of software to identify functional disparities between devices connected to their networks.
At present, it is unclear if such a functionality exists in the system. Detecting such anomalies would be far from straightforward and would demand significant upgrades to the operator’s infrastructure. In this way, a smart thief could exploit the system’s gaps and bypass detection altogether.
The Indian blocking system, as it stands today, is not equipped to tackle these challenges comprehensively. Moving to a more robust system will require not only technological enhancements but also a rethink of how to balance security with user convenience and flexibility.
Conclusion
Implementing a robust system to detect and block handsets with illegal IMEIs has the potential to bring significant benefits to the entire ecosystem. It can curb the growing menace of handset theft by dismantling the market for stolen devices. Beyond reducing theft, such a system would improve overall security by preventing the use of tampered or cloned IMEIs, which could otherwise enable criminal activities. Additionally, it would enhance network efficiency by eliminating poor-quality handsets manufactured using compromised processes that bypass royalties owed to technology developers, thereby safeguarding intellectual property rights.
Another important aspect is the economic impact. A comprehensive IMEI blocking system would prevent the unregulated entry of foreign-imported handsets, ensuring that all devices are properly registered and accounted for. This, in turn, could enable the government to recover significant revenue in the form of taxes that currently go uncollected. Such a system would also strengthen the manufacturing ecosystem in India, discouraging illegal handset imports and incentivizing legitimate production.
As the Indian Equipment Identity Register (EIR)-based system evolves, it is likely that the government will transition to a fully-fledged detection and blocking system. However, this advancement will come with certain trade-offs. For example, consumers may face reduced flexibility, as every handset entering the market may need to be registered through a web-based system to enable mobile services. While this may introduce some transactional costs for users, the long-term benefits—such as robust KYC, improved device tracking, and better monitoring of the network—would far outweigh these inconveniences.
A mature system would ensure that every device operating on the network is traceable, making it nearly impossible for stolen or illegal handsets to function. Such measures would significantly enhance the accountability and transparency of the ecosystem, providing a safer, more secure environment for consumers while supporting national security efforts.
Finally, while the current system is at a nascent stage, its potential to evolve into a sophisticated detection and blocking framework offers immense promise. Achieving this vision will require technological advancements, infrastructural upgrades, and a balance between security and user convenience. If implemented effectively, it could transform India’s telecom landscape by fostering a secure, efficient, and accountable network for all stakeholders.