Pressmediaofindia
Related Articles
16-11-2025
Bureau Report
NEW DELHI/ BENGALURU: The Indian government’s plan requiring smartphone makers to share source code as part of a raft of new security measures has drawn criticism from privacy advocates and technology experts over fears of heightened surveillance.
Companies including Apple, opens new tab and Samsung, opens new tab have privately protested the proposed package of security standards, which also includes a requirement to maintain phone logs on devices for a year, Reuters reported on Sunday, citing a review of confidential government and industry documents.
The proposal is part of Prime Minister Narendra Modi’s efforts to boost security of user data as online fraud and data breaches increase in the world’s second-largest smartphone market, with nearly 750 million phones.
India’s IT ministry has said “any legitimate concerns of the industry will be addressed with an open mind” and consultations were ongoing. It also refuted that it was considering seeking source code, without commenting on the government or industry documents cited by media.
The Internet Freedom Foundation, a privacy and free speech rights organization, said it “strongly rejects any proposed regime that effectively grants the state access to confidential source code and embeds persistent controls into devices used daily by hundreds of millions of Indians”.
“The proposals seek to micromanage how users interact with their own devices,” IFF added in a statement.
India’s IT ministry did not respond to a request for comment.
The ministry called off a meeting scheduled for Tuesday with the tech giants to discuss their feedback and concerns about the proposal, according to three people with direct knowledge.
Seeking source code, the underlying programming instructions that make phones work erodes trust and “is a massive step backwards from India’s goal of improving the ease of doing business,” said Akash Karmakar, a partner at Indian law firm Panag & Babu who specializes in technology law.
Last month, India revoked an order mandating a state-run cybersecurity app on phones following opposition from opposition parties and privacy advocacy groups.
The latest proposal says tech companies should inform Indian officials before releasing security updates and they can test them if they want.
That creates a conflict of interest as it allows the state to act as a regulator while potentially exploiting vulnerabilities for surveillance, said Raman Jit Singh Chima, global cybersecurity lead at internet advocacy group, Access Now.
Below are key security requirements India is proposing for smartphone makers like Apple and Samsung, prompting opposition from tech companies, according to four sources, as well as industry and government documents seen by media.
Manufacturers must test and provide proprietary source code for review by government-designated labs to identify vulnerabilities in phone operating systems that could be exploited by attackers.
Industry group MAIT, which represents Apple, opens new tab, South Korea’s Samsung, opens new tab, Google, opens new tab, China’s Xiaomi, opens new tab, has told the government this is “not possible” due to corporate secrecy and global privacy policies.
Apps cannot access cameras, microphones or location services in the background when phones are inactive. Continuous status bar notifications are required when these permissions are active.
