India wants smartphone makers to hand over source code to boost user security, sparking resistance from global tech giants and renewing debate over whether open-source transparency offers a more viable path to national cyber assurance.
India has proposed mandatory source code access for smartphone makers, a move that directly challenges closed-source software models and places open-source transparency at the centre of national security discussions.
Under the proposal, smartphone manufacturers would be required to share their source code with government-designated laboratories for analysis and testing. The requirement forms part of the Indian Telecom Security Assurance Requirements, a package of 83 proposed security standards drafted in 2023 and now under consideration for legal enforcement.
Global smartphone giants, including Apple, Samsung, Google, and Xiaomi, along with industry body MAIT, have opposed the measures, arguing that mandatory source code access has no global precedent and risks exposing proprietary intellectual property.
The policy aligns with Prime Minister Narendra Modi’s efforts to strengthen user data security as online fraud and data breaches rise in the world’s second-largest smartphone market, which has nearly 750 million devices in use.
Government-designated Indian labs would be permitted to conduct “vulnerability analysis” and “source code review” to verify manufacturers’ security claims. Additional mandates would require smartphones to allow pre-installed apps to be uninstalled, restrict background access to cameras and microphones, enable periodic malware scanning, and store system logs for at least 12 months. Companies would also need to inform the National Centre for Communication Security in advance of major software updates.
Industry groups have called the requirements impractical and technically unfeasible. MAIT said source code review was “not possible … due to secrecy and privacy,” adding that “major countries in the EU, North America, Australia and Africa do not mandate these requirements.”
IT Secretary S. Krishnan said, “Any legitimate concerns of the industry will be addressed with an open mind,” adding it was “premature to read more into it.”
