Key points
- Source code access raises industry concerns
- Global tech firms oppose new rules
- Government says consultations still ongoing
NEW DELHI: India is considering a broad overhaul of smartphone security regulations that would require device makers to make major software changes, a move that has triggered concern among global technology companies.
The proposals, part of the government’s efforts to strengthen data security amid rising online fraud and breaches, include a package of 83 security standards for smartphones sold in India, the world’s second-largest mobile market with nearly 750 million users.
Among the most contentious elements is a requirement that could allow authorities to review source code and conduct vulnerability analysis at designated Indian laboratories, reports Reuters.
Technology companies including Apple, Samsung, Google and Xiaomi have raised objections, arguing that such measures lack global precedent and risk exposing proprietary information. Industry representatives say no major markets in Europe, North America or Asia mandate source code access for smartphones.
Government officials, however, have sought to play down concerns. IT Secretary S. Krishnan said authorities were open to addressing legitimate industry issues and cautioned against drawing conclusions while consultations were ongoing.
Robust regulatory framework
In a later statement, the IT ministry said it routinely engages with industry to develop a “robust regulatory framework for mobile security” and rejected claims that it was formally seeking source code, without elaborating further.
Beyond source code access, the proposals would require manufacturers to notify the government in advance of major software updates and security patches. They would also mandate changes allowing users to uninstall pre-installed apps and restrict applications from accessing cameras and microphones in the background, aimed at preventing misuse.
Industry body MAIT, which represents major smartphone makers, has warned that some requirements could be impractical. It said mandatory, periodic malware scans could drain battery life, while advance approval of software updates could delay urgent security fixes. MAIT has also questioned proposals to store phone system logs for at least 12 months, citing storage limitations.
India has previously clashed with technology firms over regulatory demands, including surveillance and security rules. With further meetings scheduled between officials and industry executives, the debate underscores the challenge of balancing national security priorities with innovation and commercial confidentiality in a rapidly digitising economy.
