India, the world’s second-largest smartphone market with nearly 750 million devices, is considering a mandate that would require smartphone manufacturers to share their source code with the government. This proposal, part of a broader set of security measures, has met with resistance from major tech companies like Apple and Samsung.
The proposed security standards, totaling 83 in number, would also compel companies to notify the government of significant software updates. Critics argue that these measures lack international precedent and could expose proprietary information. This sentiment is echoed by four individuals familiar with the discussions and a Reuters analysis of confidential documents.
Backdrop of India’s Security Measures
The plan is a segment of Prime Minister Narendra Modi’s initiative to enhance user data security amid rising online fraud and data breaches. As part of this initiative, the Indian government seeks access to source code, the foundational programming instructions that enable smartphones to function.
IT Secretary S Krishnan assured Reuters that the government would address any legitimate industry concerns with an open mind, emphasizing that it is too early to draw conclusions. However, a ministry spokesperson refrained from further comment due to ongoing consultations with tech companies.
Industry Pushback and Historical Context
Technology firms have historically been wary of Indian government mandates. Last December, India retracted an order requiring a state-run cyber safety app on phones due to surveillance concerns. Previously, in 2025, the government mandated stringent testing for security cameras, citing fears of Chinese espionage.
According to Counterpoint Research, Xiaomi and Samsung, which rely on Google’s Android operating system, hold 19% and 15% of India’s market share, respectively, while Apple holds 5%. These companies, along with Google and MAIT, an Indian industry group, have not responded to requests for comment.
Concerns Over Source Code Access
Among the new Indian Telecom Security Assurance Requirements, access to source code is one of the most contentious. The proposal suggests that source code could be analyzed and potentially tested at designated Indian laboratories.
The government also seeks software modifications to allow the uninstallation of pre-installed apps and to prevent apps from using cameras and microphones in the background, aiming to “avoid malicious usage.”
“Industry raised concerns that globally security requirements have not been mandated by any country,” stated a December IT ministry document detailing meetings with Apple, Samsung, Google, and Xiaomi.
Global Implications and Comparisons
Smartphone manufacturers are protective of their source code. Notably, Apple declined China’s request for source code between 2014 and 2016, and US law enforcement has similarly been unsuccessful in obtaining it.
India’s proposals for “vulnerability analysis” and “source code review” would necessitate a “complete security assessment” by smartphone makers, with Indian test labs verifying these claims through source code analysis.
“This is not possible … due to secrecy and privacy,” MAIT stated in a confidential document responding to the government proposal, as reported by Reuters.
Future Outlook and Industry Response
Device manufacturers would also be required to inform the National Centre for Communication Security about major software updates and security patches before releasing them to users. The centre would retain the right to test these updates.
MAIT’s document highlights that regular malware scanning significantly depletes a phone’s battery, and obtaining government approval for software updates is “impractical” due to the need for timely releases.
Additionally, India proposes that phone logs, which are digital records of system activity, be stored on the device for at least 12 months.
As the Indian government considers legally enforcing these security standards, IT ministry officials and tech executives are scheduled to meet for further discussions. The outcome of these talks could significantly impact the global tech landscape, setting a precedent for other nations considering similar measures.
