India has denied plans to force smartphone makers to share source code, reviving a wider debate on whether open source security models offer governments a safer, more transparent alternative to regulating proprietary software.
India does not mandate smartphone manufacturers to share their source code with the government, industry bodies and official sources have clarified, countering a Reuters report that suggested authorities were considering compulsory access to proprietary software.
Industry analysts say any such requirement would face strong resistance from global smartphone OEMs due to intellectual property and governance risks. “OEMs (original equipment manufacturers) like Apple and Samsung reject source code disclosure over IP (intellectual property) risks and absent global precedents,” said Prabhu Ram, Vice-President at CyberMedia Research. No country currently mandates full source code disclosure for smartphone security audits, reinforcing the global reluctance around such measures.
Analysts also note that India lacks the statutory authority to compel proprietary operating system or source code handovers. Apple’s earlier refusal to provide its source code to Chinese authorities is frequently cited as a benchmark case. As a result, any regulatory move is expected to end in compromise rather than enforcement. “This is likely to end in a negotiated compromise rather than a hard mandate, with security expectations clarified but enforcement softened,” said Sanyam Chaurasia, Principal Analyst at Canalys.
Security concerns underpinning the debate include rising cyber fraud, IMEI cloning, and systemic vulnerabilities in India’s smartphone-first economy. However, analysts caution that enforced compliance would disproportionately impact mass-market Android manufacturers, potentially leading to slower updates or higher device costs for consumers.
The discussion has sharpened the contrast between closed, proprietary software models and open-source security frameworks. Open source systems enable independent audits, community-led vulnerability detection, and transparency without forced disclosure—attributes increasingly favoured in critical infrastructure and public-sector deployments. The recent rollback of the Sanchar Saathi app mandate following surveillance concerns further underscores the role of trust and transparency in public acceptance.
