Centre Proposes Source Code Sharing by Smartphone Makers in Major Security Overhaul

The Union government is considering a proposal that would require smartphone manufacturers to share their source code and implement wide-ranging software changes as part of a new national security framework aimed at strengthening data protection.

The move is part of Prime Minister Narendra Modi’s broader push to enhance user data security amid a surge in online fraud and data breaches in India, the world’s second-largest smartphone market with nearly 750 million active devices.

According to sources familiar with the discussions, the proposed Indian Telecom Security Assurance Requirements include 83 security standards, one of the most sensitive being government access to source code — the core programming instructions that power smartphones. Technology firms have raised objections, arguing that the plan has no global precedent and could expose proprietary information.

Major smartphone manufacturers such as Apple, Samsung, Google and Xiaomi are understood to have expressed concerns during consultations, though none have issued formal public responses. Industry representatives have cautioned that sharing source code could compromise trade secrets and raise privacy risks.

IT Secretary S. Krishnan said the government is open to addressing legitimate industry concerns and that consultations are ongoing. Officials stressed that it is premature to draw conclusions before discussions conclude. IT Secretary S. Krishnan said the government is open to addressing legitimate industry concerns and that consultations are ongoing. Officials stressed that it is premature to draw conclusions before discussions conclude.

Under the proposed framework, smartphone makers would also be required to notify authorities about major software updates and security patches before releasing them. Additional measures include allowing users to uninstall pre-installed apps, blocking background access to cameras and microphones, enabling automatic malware scans, and retaining device system logs for up to 12 months.

The industry body Manufacturers’ Association for Information Technology (MAIT) has argued that mandatory source code reviews and vulnerability analysis are not practised in major markets such as the EU, North America or Australia. It has also warned that constant malware scanning could drain battery life and that advance approval for software updates could delay urgent security fixes.

India has previously imposed strict technology regulations, including mandatory security testing for surveillance equipment, citing national security concerns. The government is now considering making the proposed smartphone standards legally binding, with further talks between officials and industry leaders expected in the coming days.