India’s plan to tighten smartphone security rules is setting the stage for a fresh standoff between New Delhi and some of the world’s biggest technology companies. At the heart of the debate is a controversial proposal that could require smartphone manufacturers to share parts of their source code with Indian authorities — a move that industry insiders say has raised serious red flags across Silicon Valley and Asia alike.
According to people familiar with ongoing discussions, companies such as Apple, Samsung, Google, and Xiaomi have privately pushed back against the proposed framework, warning that it could expose proprietary technology, disrupt software update cycles, and set a precedent with no clear global parallel.
The Indian government, however, maintains that consultations are still underway and insists that industry concerns will be considered before any final decision is taken.
A Major Policy Shift in the World’s Second-Largest Smartphone Market
India is home to nearly 750 million smartphone users, making it the world’s second-largest mobile market after China. With online fraud, data theft, and cybercrime rising sharply, the Modi-led government has been under growing pressure to strengthen digital safeguards.
Officials say the proposed measures are aimed at improving user security, preventing misuse of phone hardware such as cameras and microphones, and ensuring faster detection of malware and vulnerabilities.
But the scale and depth of the new rules — collectively known as the Indian Telecom Security Assurance Requirements — have startled industry players. The draft framework reportedly includes 83 separate security standards, several of which go far beyond existing norms in Europe, North America, and other major markets.
Source Code Access: The Most Sensitive Flashpoint
Among all the proposed requirements, none has caused more anxiety than the idea of government access to source code — the underlying programming that makes smartphone operating systems and apps function.
Under the draft plan, smartphone makers would be expected to conduct comprehensive security assessments of their software. Indian government-approved laboratories would then have the authority to verify those claims through source code review and vulnerability analysis.
For global tech firms, this is a line they are deeply reluctant to cross.
Source code is considered one of the most closely guarded assets in the technology world. It represents years of research, billions of dollars in investment, and core intellectual property that defines a company’s competitive edge.
Industry executives argue that even limited access increases the risk of leaks, reverse engineering, and unintended exposure of sensitive architecture.
No Global Precedent, Industry Says
According to documents reviewed by Reuters and accounts from people directly involved in the talks, technology companies have repeatedly told Indian officials that such requirements do not exist elsewhere.
In confidential submissions to the government, industry representatives pointed out that no major economy — including the United States, the European Union, Australia, or Canada — mandates routine source code sharing for smartphones.
Apple, for instance, famously resisted similar requests from China between 2014 and 2016. Even U.S. law enforcement agencies have failed to gain access to the company’s core operating system code, despite high-profile security disputes.
Industry groups warn that introducing such a requirement in India could force companies to rethink product rollouts, software design strategies, and even long-term investment plans.
Government Pushes Back on Source Code Claims
Following the publication of reports about the proposal, India’s IT ministry issued a statement disputing claims that it was seeking access to smartphone source code.
The ministry said consultations were ongoing and described the discussions as part of routine engagement aimed at creating a “robust and appropriate regulatory framework” for mobile security. Officials also stressed that they were trying to understand the technical and compliance challenges faced by manufacturers.
IT Secretary S. Krishnan stated that it would be premature to draw conclusions and added that any “legitimate concerns” raised by the industry would be addressed with an open mind.
However, the ministry did not directly explain why internal documents and meeting notes reference source code review, nor did it clarify whether those provisions have been removed or merely reconsidered.
Mandatory Software Changes Add to Industry Unease
Beyond source code access, the proposed security framework includes a range of other requirements that companies say could significantly alter how smartphones operate in India.
One provision would require manufacturers to allow users to uninstall pre-loaded apps, a move welcomed by consumer rights advocates but technically complex for device makers.
Another rule seeks to prevent apps from accessing cameras and microphones in the background, unless explicitly authorised, in order to reduce the risk of covert surveillance or malicious misuse.
The proposals also call for automatic and periodic malware scanning on devices, along with expanded system logging to track phone activity for up to 12 months.
Industry representatives argue that while the goals may be valid, the implementation raises practical concerns.
Battery Drain, Storage Limits, and Update Delays
In a confidential response submitted by MAIT, an Indian industry association representing major smartphone brands, companies warned that constant malware scanning could significantly reduce battery life — a critical factor for users in a price-sensitive market like India.
The group also flagged storage limitations, noting that many devices may not have enough space to store a full year’s worth of system logs on the handset itself.
Perhaps most contentious is the proposal requiring companies to inform the National Centre for Communication Security about major software updates and security patches before releasing them to users.
Tech firms argue that such a process could slow down urgent updates, leaving users exposed to vulnerabilities for longer periods.
In fast-moving cybersecurity environments, delays of even a few days can make a significant difference.
Market Impact and Industry Stakes
India is a crucial battleground for smartphone makers. According to Counterpoint Research, Xiaomi and Samsung together account for more than one-third of the Indian smartphone market, while Apple, though smaller at around 5%, is rapidly expanding its manufacturing and retail presence in the country.
Any regulatory changes that affect software development, update cycles, or intellectual property protections could have ripple effects across supply chains, pricing, and innovation.
While none of the companies involved have publicly commented, industry insiders say the discussions are being closely monitored at the highest levels.
A Familiar Pattern in India’s Tech Regulation
This is not the first time New Delhi’s digital policies have unsettled global technology firms.
Last month, the government quietly withdrew an order that would have required smartphones to carry a state-backed cybersecurity app, following concerns about privacy and surveillance.
At the same time, India has shown it is willing to push ahead despite opposition. In 2024, the government enforced strict testing requirements for security cameras, citing national security concerns over potential foreign surveillance.
These mixed signals have left tech companies unsure how far India is willing to go — and how flexible it will be during negotiations.
What Happens Next?
Government officials and industry executives are expected to meet again this week as consultations continue. Sources say the security standards, originally drafted in 2023, are now under renewed scrutiny as the government considers whether to give them legal force.
For now, both sides appear keen to avoid an open confrontation. The government wants to strengthen digital security without discouraging investment, while companies are trying to protect their intellectual property without appearing dismissive of user safety.
The outcome could shape not only India’s smartphone ecosystem but also global debates about how far governments should go in regulating consumer technology.
Final Takeaway
India’s proposed smartphone security overhaul highlights the growing tension between national cybersecurity goals and the realities of global tech innovation. As digital threats evolve, governments are under pressure to act — but how they act matters.
Whether New Delhi can strike a balance between stronger protections and industry trust will determine not just the future of mobile security in India, but also the country’s reputation as a technology-friendly market in an increasingly competitive global landscape.