- The Indian government has outlined draft regulations that would obligate smartphone manufacturers to provide source code access and implement a suite of security measures.
- Major global vendors have privately raised concerns that the proposals lack precedent and could expose proprietary technology, while officials say consultations continue.
What happened: New Delhi’s draft plan would compel source code sharing
India has put forward draft smartphone security rules that, if enacted, would require device makers to share their proprietary source code with government-designated labs as part of a major security overhaul. The proposals are intended to strengthen protections for user data in the world’s second-largest smartphone market, where nearly 750 million handsets are active and online fraud and breaches have risen.
According to sources familiar with the matter and internal documents reviewed by Reuters, the 83-point regulatory package would not only include source code access but several other stringent software requirements. These include mandatory notification to authorities of major software updates before release, automatic malware scanning on devices, and controls to prevent apps from accessing cameras and microphones in the background without explicit permission.
The draft standards are part of the so-called Indian Telecom Security Assurance Requirements, which have been discussed with leading phone makers including Apple, Samsung, Google and Xiaomi. Industry representatives have told officials that forcing source code disclosure is unprecedented globally and could risk revealing commercially sensitive information. They also cited concerns that requirements such as on-device malware scanning could negatively affect battery life and device performance.
India’s IT Secretary, S. Krishnan, acknowledged that industry concerns would be addressed with an open mind and noted that it was premature to make definitive interpretations of the plans. Government consultations with manufacturers are ongoing as regulators weigh how to balance security goals with commercial practicality.
Also Read: Optus CTO departs after critical 000 emergency call report
Also Read: UK turns to Google for public sector AI delivery
Why it’s important
If adopted, these proposals would mark one of the most robust smartphone-specific regulatory regimes globally, raising complex questions about intellectual property, platform security and government access to commercial technology. Smartphone source code forms the foundation of operating systems and user experiences, and manufacturers guard it as proprietary. Even historically, firms such as Apple have resisted similar demands from other governments.
The move underscores the growing emphasis by national regulators on device-level cybersecurity and data protection in an era of ubiquitous mobile connectivity. It also highlights tensions between security aspirations and the commercial imperatives of global tech companies. How India navigates these competing priorities could influence similar regulatory debates in other large markets.
