India is moving closer to a major overhaul of smartphone security rules as it considers forcing device makers to share source code with the government and comply with a wide set of new software standards. The proposal has triggered quiet resistance from global technology companies such as Apple and Samsung who argue the plan has no global precedent and could expose sensitive proprietary information.
The draft framework includes eighty-three security requirements and is part of Prime Minister Narendra Modi’s push to strengthen user data protection as online fraud and data breaches rise across India’s massive smartphone market of nearly 750 million devices. The measures would require companies to notify the government about major software updates and security patches and allow designated Indian labs to analyse and test phone software. IT Secretary, S Krishnan said that “any legitimate concerns of the industry will be addressed with an open mind” and added it was “premature to read more into it.” A ministry spokesperson said discussions were ongoing and declined further comment.
Apple, Samsung, Google, Xiaomi and the industry body, MAIT did not respond to requests for comment. The proposals have revived tensions between New Delhi and technology firms following past disputes including a recently revoked order for a state-run cyber safety app and mandatory security testing for cameras introduced last year. Market data shows Xiaomi holds 19% of India’s smartphone market, Samsung has 15% and Apple has 5%.
At the heart of the plan is a requirement for access to source code which contains the core instructions that make smartphones work. The government wants companies to conduct full security assessments and allow Indian labs to verify them through source code review and vulnerability analysis. MAIT warned in a confidential response that “globally security requirement has not been mandated by any country” and said such reviews are not possible “due to secrecy and privacy.” It also noted that major regions including the EU, North America, Australia and Africa do not impose similar rules and asked the government to drop the proposal.
Other requirements include allowing users to uninstall preinstalled apps restricting background camera and microphone use, automatic malware scanning and storing system logs on devices for at least twelve months. Companies would also need to inform the National Centre for Communication Security before rolling out key updates. MAIT said regular malware scans drain battery life, approval delays are impractical and there is not enough storage space to keep 1 year of logs on devices. Officials and executives are set to meet again on Tuesday as the government considers making the standards legally binding.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
