English
The Government of India has proposed a new set of security standards called Telecom Security Assurance Requirements to strengthen smartphone security. Under this proposal, smartphone manufacturing companies would be required to share the source code of their devices so that security vulnerabilities can be identified and user data protection can be ensured. As part of this proposal, mobile companies would have to inform the government in advance about their software updates and security patches, and include measures to prevent potential threats in devices such as unauthorized use of the camera or microphone. The objective of the proposal is to reduce cyber security risks for the nearly 750 million smartphones used in India.
The proposed rules mention a total of 83 security standards that companies would need to comply with. These standards also include providing the option to remove pre installed apps and conducting regular malware scanning on devices. The government argues that this step is necessary due to the increasing cases of online fraud and data leaks, in order to ensure the protection of users’ personal and sensitive data. Under this framework, source code would be provided to India based government laboratories for software testing, enabling identification and resolution of potential risks.
Reaction and opposition from tech companies
Major mobile phone manufacturers and technology brands such as Apple, Samsung, Google and Xiaomi have strongly opposed the proposal. These companies say that source code is their most sensitive intellectual property, and sharing it could pose risks to their business and security. They argue that there is no similar requirement anywhere in the world, and that such a move could expose their private technology and competitive information.
Tech companies have also stated that measures such as continuous malware scanning could negatively affect device battery life, and that the requirement to obtain government approval for every update would create practical challenges, since immediate security patches are often necessary. Industry body Manufacturers Association for Information Technology (MAIT) has said that some of the proposed rules go against global standards and raise concerns related to confidentiality and privacy.
Government clarification and consultation process
Although several media reports have stated that the government is demanding source code sharing from smartphone manufacturers, government officials have clarified that this is currently only a consultative process and no final rules have been implemented yet. The Ministry of Electronics and Information Technology (MeitY) has said that discussions with stakeholders on various security aspects are ongoing, and that the effort is to create a standardized framework rather than an immediately enforceable rule.
According to the government, this consultation is a normal and necessary process to develop an appropriate smartphone security framework that takes into account the concerns of all stakeholders. The ministry has also cautioned that reports should not be treated as official positions until a final decision is made. The objective of this consultation is to build a balanced security framework that considers both user safety and industry productivity.
Potential impact of the rules and ongoing discussion
If these rules are implemented, they could impact both smartphone manufacturers and users. The government believes this would strengthen phone security and privacy, while companies argue that it could affect their technological confidentiality and impact phone performance and battery life. Discussions are ongoing and no final decision has been taken yet.
