India is considering new rules that would force smartphone makers to share source code with the government and change how their software works. The proposal has already triggered strong resistance from major companies, including Apple and Samsung. At the center of the dispute is how far the government can go in the name of mobile security.
The plan includes 83 security standards that could become law. If approved, companies would have to alert the government before releasing major software updates. Officials say the goal is to protect users as online fraud and data breaches continue to rise in India’s fast-growing smartphone market.
But technology firms say the demands go too far. They argue the proposals have no global precedent and could expose sensitive intellectual property. Several companies have raised these concerns during private talks with officials.
Government Says ‘Security Comes First’
Prime Minister Narendra Modi’s government says the rules aim to improve data safety for the nearly 750 million smartphones in use across the country.
IT Secretary S. Krishnan told Reuters, “any legitimate concerns of the industry will be addressed with an open mind,” adding that it was “premature to read more into it.”
A ministry spokesperson later said consultations were ongoing and declined further comment.
After the Reuters story was published, the IT ministry said the talks were meant to create “an appropriate and robust regulatory framework for mobile security.” It also stated that it “routinely” engages with the industry to understand technical and compliance issues. The ministry added that it “refutes the statement” that it plans to seek source code, without addressing documents reviewed by Reuters.
Proposal Requirements
Apple, Samsung, Google, Xiaomi, and the industry body MAIT did not respond to requests for comment.
Under the draft rules, companies would need to provide access to source code for analysis at designated Indian labs. They would also have to make software changes so users can remove pre-installed apps and block background access to cameras and microphones “to avoid malicious usage.”
Another requirement would force device makers to notify the National Centre for Communication Security about major software updates and security patches before release. The agency would have the right to test those updates.
The proposals also call for automatic and periodic malware scans and require phones to store system logs for at least 12 months.
Industry Pushes Back
MAIT, which represents major smartphone brands, has strongly opposed the measures.
“This is not possible … due to secrecy and privacy,” MAIT said in a confidential document reviewed by Reuters. The group added, “Major countries in the EU, North America, Australia and Africa do not mandate these requirements.”
MAIT also warned that constant malware scanning would drain battery life. It said requiring government approval for software updates is “impractical” because security fixes need to reach users quickly. On data storage, the group stated, “There is not enough room on device to store 1-year log events.”
India has clashed with tech firms before over regulation. Last month, the government withdrew a rule that would have required a state cyber safety app on phones after concerns about surveillance. At the same time, it has pushed through strict testing rules for security cameras over spying fears.
For now, both sides remain in talks. Whether the proposals become law will decide how much control India exerts over smartphone software and how far companies must go to comply.