<p>A mobile phone today is not just a device. It is an extension of one's body and mind, and holds the key to everything from identity, work, family, education, health, and finances. To deny someone the use of their phone is to cut them off from the modern economy itself.</p><p>According to <a href="https://www.reuters.com/world/india/india-central-bank-plans-give-lenders-key-power-recover-small-loans-sources-say-2025-09-11/">news reports</a>, the <a href="https://www.deccanherald.com/tags/rbi">Reserve Bank of India (RBI)</a> is considering a change to its Fair Practices Code that would allow lenders to install applications capable of remotely locking mobile phones bought on credit if borrowers default on repayment.</p><p>The plan, if implemented, would rely on a remote management tool, known in the Cyber-Security Industry as Mobile Device Management software, a tool that gives remote administrators total control over a phone’s functions, and is typically used in a corporate setup, where employees having sensitive company data on their company issued devices, can be monitored for both external and insider threats.</p><p>Applying the same model of ownership and control, on a device paid for by a customer (partially at first, and fully at the end) is an alarming departure from the principles of fairness, privacy, and proportionality that should guide policy.</p>.The case for Cyber Saathis.<p>Consider the borrower who defaults on a small loan because their income is delayed or their job is disrupted. If their phone is remotely disabled, they are not only punished for the default. They are also stripped of their ability to search for work, to receive payments, to make emergency calls or to participate in everyday life. The measure targets precisely those who are most vulnerable, and compounds their hardship instead of resolving it.</p><p>The language of '<a href="https://www.reuters.com/world/india/india-central-bank-plans-give-lenders-key-power-recover-small-loans-sources-say-2025-09-11/#:~:text=will%20mandate%20prior-,consent,-from%20borrowers%20and">consent</a>’ offers no real protection here. In theory, borrowers will agree to the installation of an app that allows lenders to lock the phone. In practice, when someone desperately needs credit to buy a phone or cover a basic expense, the choice is illusory. They can either accept the intrusive condition, or go without the loan.</p><p>The proposal also conceals a deeper danger. Locking phones would not happen through a simple switch. It would involve Mobile Device Management (MDM) software. This tool was originally designed for companies to control and secure the devices of their employees. An MDM system is not limited to locking. It can track usage, extract logs, read or send SMS, disable applications, install applications and, in some cases, even interfere with banking apps or financial credentials, by installing digital certificates that can be used to run Man-In-The-Middle (MITM) attacks. </p><p>At a time when so much of life is lived through the phone, this means the lender can exercise power over the customer’s very existence. Their private communications, financial activity, and social connections could all fall within reach of a tool meant only to enforce loan repayment.</p><p>This is not a hypothetical risk. The possibility is real because once an MDM client is installed, its technical capabilities are extensive. Regulators may try to limit its use to ‘locking only’. But who will audit this? Who will certify that data is never accessed or transmitted? Who will prevent a lender, a rogue employee, or even a hacker from exploiting these permissions? A system of this kind does not just create the possibility of coercion. It creates a permanent architecture for surveillance.</p>.WhatsApp now allows users to block spam messages on phone's lock screen.<p>That is why the comparison with surveillance States is not exaggerated. In many authoritarian regimes, governments monitor phones for political or security reasons. If the RBI proposal becomes a reality, India would be endorsing a framework where private lenders can exercise even more direct control than some governments do. Citizens would not only face monitoring by the State but potential takeover of their digital identities by banks or fintechs. Such an arrangement would be more onerous and subservient than what is practised in most surveillance nations.</p><p>The privacy implications are profound. The Supreme Court in the <em>Puttaswamy</em> judgement held privacy to be a fundamental right. It affirmed that personal autonomy and dignity are intrinsic to freedom. Allowing lenders to control devices is a violation of that principle. It places corporate entities in the role of gatekeepers of an individual’s private life, with the sanction of the regulator.</p><p>The proposal also violates proportionality in contract enforcement. In lending, the law recognises that both parties must bear risk. Recovery mechanisms are designed to balance the interests of the lender and borrower. Remote disabling of phones tips that balance drastically in favour of lenders. It gives them powers far beyond the financial contract, with little scope for oversight or redress.</p><p>Further consider the following — An MDM software must be ‘un-installable’, and hence has to be burned as part of the device ROM, so that even with root access, the borrower can't remove it. Once this path is taken, given that most phones are bought on credit, this will become the de-facto mode, and even for phones not sold on credit.</p><p>This is not only a matter of consumer rights, but also where everyone, whether they take a loan or not, agrees to carry an extension of themselves, not in their control. Put differently, it affects our national security, because if everyone walks around with a phone that can be easily taken over by someone, how safe are even our politicians, generals, and judges? </p><p>There are better answers to the problem of defaults in small loans. Credit risk can be addressed through improved underwriting, more accurate data on borrower profiles and responsible credit limits. Borrowers facing hardship can be supported through restructuring and flexible repayment options. Financial literacy campaigns and stronger grievance redress mechanisms can reduce disputes. These are difficult reforms, but they respect the dignity of individuals, and they strengthen trust in the financial system.</p><p>The RBI has long enjoyed a reputation for prudence and balance. It has guided India through periods of turbulence by focusing on credibility and trust. This proposal risks diluting that reputation. The test of good policy is not only whether it addresses an immediate problem. It is whether it does so in a way that strengthens the values of justice, dignity and trust. On that test, this very idea falls fully and totally. It should be abandoned.</p><p><em>Srinath Sridharan is a corporate adviser and independent director on corporate boards. Anand Venkatanarayanan is co-founder and CTO, DeepStrat. </em></p>.<p>Disclaimer: The views expressed above are the author's own. They do not necessarily reflect the views of DH.</p>
<p>A mobile phone today is not just a device. It is an extension of one's body and mind, and holds the key to everything from identity, work, family, education, health, and finances. To deny someone the use of their phone is to cut them off from the modern economy itself.</p><p>According to <a href="https://www.reuters.com/world/india/india-central-bank-plans-give-lenders-key-power-recover-small-loans-sources-say-2025-09-11/">news reports</a>, the <a href="https://www.deccanherald.com/tags/rbi">Reserve Bank of India (RBI)</a> is considering a change to its Fair Practices Code that would allow lenders to install applications capable of remotely locking mobile phones bought on credit if borrowers default on repayment.</p><p>The plan, if implemented, would rely on a remote management tool, known in the Cyber-Security Industry as Mobile Device Management software, a tool that gives remote administrators total control over a phone’s functions, and is typically used in a corporate setup, where employees having sensitive company data on their company issued devices, can be monitored for both external and insider threats.</p><p>Applying the same model of ownership and control, on a device paid for by a customer (partially at first, and fully at the end) is an alarming departure from the principles of fairness, privacy, and proportionality that should guide policy.</p>.The case for Cyber Saathis.<p>Consider the borrower who defaults on a small loan because their income is delayed or their job is disrupted. If their phone is remotely disabled, they are not only punished for the default. They are also stripped of their ability to search for work, to receive payments, to make emergency calls or to participate in everyday life. The measure targets precisely those who are most vulnerable, and compounds their hardship instead of resolving it.</p><p>The language of '<a href="https://www.reuters.com/world/india/india-central-bank-plans-give-lenders-key-power-recover-small-loans-sources-say-2025-09-11/#:~:text=will%20mandate%20prior-,consent,-from%20borrowers%20and">consent</a>’ offers no real protection here. In theory, borrowers will agree to the installation of an app that allows lenders to lock the phone. In practice, when someone desperately needs credit to buy a phone or cover a basic expense, the choice is illusory. They can either accept the intrusive condition, or go without the loan.</p><p>The proposal also conceals a deeper danger. Locking phones would not happen through a simple switch. It would involve Mobile Device Management (MDM) software. This tool was originally designed for companies to control and secure the devices of their employees. An MDM system is not limited to locking. It can track usage, extract logs, read or send SMS, disable applications, install applications and, in some cases, even interfere with banking apps or financial credentials, by installing digital certificates that can be used to run Man-In-The-Middle (MITM) attacks. </p><p>At a time when so much of life is lived through the phone, this means the lender can exercise power over the customer’s very existence. Their private communications, financial activity, and social connections could all fall within reach of a tool meant only to enforce loan repayment.</p><p>This is not a hypothetical risk. The possibility is real because once an MDM client is installed, its technical capabilities are extensive. Regulators may try to limit its use to ‘locking only’. But who will audit this? Who will certify that data is never accessed or transmitted? Who will prevent a lender, a rogue employee, or even a hacker from exploiting these permissions? A system of this kind does not just create the possibility of coercion. It creates a permanent architecture for surveillance.</p>.WhatsApp now allows users to block spam messages on phone's lock screen.<p>That is why the comparison with surveillance States is not exaggerated. In many authoritarian regimes, governments monitor phones for political or security reasons. If the RBI proposal becomes a reality, India would be endorsing a framework where private lenders can exercise even more direct control than some governments do. Citizens would not only face monitoring by the State but potential takeover of their digital identities by banks or fintechs. Such an arrangement would be more onerous and subservient than what is practised in most surveillance nations.</p><p>The privacy implications are profound. The Supreme Court in the <em>Puttaswamy</em> judgement held privacy to be a fundamental right. It affirmed that personal autonomy and dignity are intrinsic to freedom. Allowing lenders to control devices is a violation of that principle. It places corporate entities in the role of gatekeepers of an individual’s private life, with the sanction of the regulator.</p><p>The proposal also violates proportionality in contract enforcement. In lending, the law recognises that both parties must bear risk. Recovery mechanisms are designed to balance the interests of the lender and borrower. Remote disabling of phones tips that balance drastically in favour of lenders. It gives them powers far beyond the financial contract, with little scope for oversight or redress.</p><p>Further consider the following — An MDM software must be ‘un-installable’, and hence has to be burned as part of the device ROM, so that even with root access, the borrower can't remove it. Once this path is taken, given that most phones are bought on credit, this will become the de-facto mode, and even for phones not sold on credit.</p><p>This is not only a matter of consumer rights, but also where everyone, whether they take a loan or not, agrees to carry an extension of themselves, not in their control. Put differently, it affects our national security, because if everyone walks around with a phone that can be easily taken over by someone, how safe are even our politicians, generals, and judges? </p><p>There are better answers to the problem of defaults in small loans. Credit risk can be addressed through improved underwriting, more accurate data on borrower profiles and responsible credit limits. Borrowers facing hardship can be supported through restructuring and flexible repayment options. Financial literacy campaigns and stronger grievance redress mechanisms can reduce disputes. These are difficult reforms, but they respect the dignity of individuals, and they strengthen trust in the financial system.</p><p>The RBI has long enjoyed a reputation for prudence and balance. It has guided India through periods of turbulence by focusing on credibility and trust. This proposal risks diluting that reputation. The test of good policy is not only whether it addresses an immediate problem. It is whether it does so in a way that strengthens the values of justice, dignity and trust. On that test, this very idea falls fully and totally. It should be abandoned.</p><p><em>Srinath Sridharan is a corporate adviser and independent director on corporate boards. Anand Venkatanarayanan is co-founder and CTO, DeepStrat. </em></p>.<p>Disclaimer: The views expressed above are the author's own. They do not necessarily reflect the views of DH.</p>
