In a bold cybersecurity initiative that has triggered significant industry opposition, the Indian government is advancing a comprehensive security framework that would compel smartphone manufacturers to surrender their proprietary source code for government analysis. The proposed regulations, comprising 83 distinct security standards, represent one of the most stringent technology oversight regimes globally.
The security overhaul, championed by Prime Minister Narendra Modi’s administration, aims to address growing concerns about data breaches and online fraud in the world’s second-largest smartphone market, which serves approximately 750 million devices. Beyond source code access, the measures would require manufacturers to enable complete uninstallation of pre-installed applications, implement background restrictions on camera and microphone access, and mandate automatic malware scanning systems.
Technology behemoths including Apple, Samsung, Google, and Xiaomi have mounted substantial behind-the-scenes resistance to the proposals through the Manufacturers’ Association for Information Technology (MAIT). Industry representatives argue that the requirements lack global precedent and threaten to compromise closely guarded intellectual property. In confidential communications reviewed by Reuters, MAIT characterized the source code review mandate as ‘not possible due to secrecy and privacy concerns,’ noting that no major markets in the EU, North America, Australia or Africa impose similar obligations.
The proposed Telecom Security Assurance Requirements would establish designated Indian laboratories for source code analysis and vulnerability assessment. Additionally, manufacturers would be required to notify the National Centre for Communication Security about significant software updates before public release, granting authorities testing privileges—a requirement industry groups label as ‘impractical’ for time-sensitive security patches.
IT Secretary S. Krishnan has indicated willingness to address ‘legitimate concerns’ while maintaining that premature conclusions should be avoided. This confrontation continues India’s pattern of assertive technology regulation, following previous mandates for pre-installed security apps and rigorous camera testing protocols that previously drew industry criticism.
The ongoing consultations between ministry officials and technology executives will continue this week, with the government considering formal legal implementation of standards initially drafted in 2023.