India proposes contentious security overhaul for smartphone manufacturers, asks for source code: Report

Report: As per a Reuters report, the Indian government has asked smartphone manufacturers for a security overhaul, adding stricter regulations and requiring manufacturers to share proprietary source code.

The Indian government is weighing a significant tightening of security regulations that could require smartphone manufacturers to disclose their proprietary source code, according to reports from Reuters. The proposal, emerging from a draft of over 80 new security standards, has sparked immediate concern among global technology giants, including Apple, Samsung, and Xiaomi.

The Pursuit of Digital Sovereignty

Under the proposed Indian Telecom Security Assurance Requirements (ITSAR), manufacturers may be forced to submit their underlying programming instructions (the source code) to government-authorised laboratories for vulnerability testing and analysis. This move is part of a broader push by Prime Minister Narendra Modi’s administration to protect the country's 750 million smartphone users against a rise in sophisticated data breaches and online fraud.

Strong Resistance from Global Tech Leaders

The proposals have met with robust behind-the-scenes opposition from the industry. MAIT, an industry group representing major manufacturers, has reportedly described the requirements as "not possible" due to the extreme sensitivity of intellectual property and global corporate privacy policies. Tech companies have argued that the measures lack international precedent, noting that major markets such as the European Union and the United Kingdom do not mandate such intrusive access to core software.

The Challenges of Implementation

Beyond the sharing of source code, the draft regulations include several other measures that have alarmed the sector. One proposal would require manufacturers to notify the government of major software updates and security patches before release, potentially allowing authorities to test them first. Furthermore, the draft suggests that devices should perform periodic, automatic malware scans, a move experts warn could significantly impact battery life and performance.

The government also seeks to mandate that devices store system activity logs for at least 12 months. However, manufacturers have pushed back, claiming most handsets lack the internal storage capacity to maintain such extensive records.

Official Consultation and Future Outlook

In response to the reports, India’s IT Secretary, S. Krishnan, stated that the government would address "legitimate concerns of the industry" with an open mind, adding that it was "premature" to draw final conclusions. India’s Press Information Bureau has since clarified that no final regulations have been framed and that the process remains a routine consultation with stakeholders. A high-level meeting between IT ministry officials and tech executives is expected to take place this week to discuss the framework further.