India Proposes Radical Smartphone Security Rules: Manufacturers May Be Forced to Share Source Code

India is currently weighing a controversial set of new regulations that could fundamentally change how smartphone giants like Apple, Samsung, and Xiaomi operate within the country. The proposed rules, aimed at bolstering national cybersecurity, would require device manufacturers to share their proprietary source code with government-designated laboratories for vulnerability testing—a move that has triggered significant alarm across the global technology sector.

According to reports circulating this week, the Ministry of Electronics and Information Technology (MeitY) is reviewing a draft of the “Indian Telecom Security Assurance Requirements” (ITSAR). This document outlines approximately 83 new security standards intended to protect India’s 750 million smartphone users from data breaches and cyber espionage. The most contentious provision involves the mandatory disclosure of source code, the core set of instructions that drive an operating system’s functionality. Manufacturers argue that this code is their “crown jewel” intellectual property and that sharing it would expose them to massive security risks and trade secret theft.

Beyond the source code requirement, the draft regulations propose several other stringent measures. One major rule would require manufacturers to submit major operating system updates and security patches to the National Centre for Communication Security (NCCS) for screening before they can be rolled out to consumers. Industry experts warn that this bureaucratic hurdle could delay critical security fixes, leaving users vulnerable to active threats for longer periods.

The proposal also seeks to give users more control over their devices. If passed, the rules would mandate that users be allowed to uninstall all pre-loaded applications—a direct hit to the business models of many Android manufacturers who rely on bloatware revenue. Additionally, the government wants to implement hard system-level blocks that prevent any application from accessing the microphone or camera in the background, a measure designed to curb digital surveillance.

The Industry Fights Back

The pushback from Silicon Valley and Asian tech giants has been swift and unified. Through the Manufacturers’ Association for Information Technology (MAIT), companies have reportedly told the Indian government that compliance with the source code requirement is “not possible.” They argue that no other major economy—including the European Union or the United States—enforces such draconian transparency measures.

In confidential documents reviewed during the consultation process, industry representatives highlighted that sharing source code would compromise the global security architecture of their devices. If Apple, for instance, were to provide its iOS source code to Indian labs, it could create a precedent that other nations might demand to follow, effectively dismantling the “walled garden” security model the company is famous for.

Key Players and Recent Developments

For those following the intersection of technology and geopolitics, this move by the Indian government is part of a larger pattern of tightening digital sovereignty. Here is a brief look at the key entities involved in this unfolding drama:

• Ministry of Electronics and Information Technology (MeitY): This is the executive agency responsible for IT policy in India. Under the current administration, MeitY has been aggressive in asserting control over the digital space. They recently made headlines for attempting to mandate the installation of a government-run “cyber safety” tool on all smartphones. That proposal was eventually scrapped after intense industry backlash, but it signaled the ministry’s willingness to intervene in hardware specifications.
• The Market Stakes: India is the world’s second-largest smartphone market, trailing only China. For companies like Samsung and Xiaomi, which hold massive market shares, exiting India is not a financial option. Even Apple, which has historically had a smaller footprint in India, is currently ramping up local manufacturing and retail presence. The economic leverage India holds is the primary reason these companies are at the negotiating table rather than simply walking away.
• Upcoming Projects/Policies: Aside from the smartphone wars, MeitY is also working on the “Digital India Act,” a future legislation expected to replace the decades-old IT Act of 2000. This upcoming project aims to cover everything from artificial intelligence regulation to deepfake penalization and online safety, suggesting that the regulatory pressure on Big Tech is only going to increase in the coming years.

The Road Ahead

The Indian government has publicly stated that these discussions are “routine consultations” and that no final decision has been made. However, the existence of the draft standards suggests a clear intent to impose stricter oversight. The standoff represents a critical test case for the tech industry: can a nation-state force global corporations to unlock their deepest trade secrets in the name of national security?

This is a developing story with massive implications for privacy and the future of the tech industry. Do you think governments should have the right to inspect the source code of the devices we use every day, or is this a dangerous overreach? Share your thoughts in the comments.