Centre proposes stricter smartphone security rules, including mandatory source-code access, one-year system log retention, and tighter app permission controls.
Tech giants push back, arguing the measures lack global precedent and could compromise proprietary information and user privacy.
Government says concerns will be reviewed, as consultations continue with market leaders and industry body MAIT.
Centre Proposes Smartphone Makers Share Source Code with Government
Centre’s proposed telecom security rules spark pushback from Apple, Samsung, and other smartphone makers over source-code access and data retention mandates.
Summary
Advertisement
New Delhi has proposed that smartphone makers mandatorily share source code with the government and make several software changes as part of efforts to strengthen security measures, Reuters reported. The proposal has prompted pushback from smartphone giants such as Apple and Samsung.
According to the report, which cited multiple sources, tech companies have argued that the package of 83 security standards lacks any global precedent and risks revealing proprietary details.
The proposal is part of Prime Minister Narendra Modi’s efforts to bolster user data security amid rising online fraud and data breaches. India is the world’s second-largest smartphone market, with nearly 750 million devices.
Information Technology Secretary S. Krishnan told Reuters that “any legitimate concerns of the industry will be addressed with an open mind.” Tech companies, including Apple, Samsung, Google, Xiaomi, and the Manufacturers’ Association for Information Technology (MAIT), are in consultation with the ministry, the report said. Last month, tech giants revoked an order mandating a state-run cyber safety app on phones.
Advertisement
The Centre has also actively pushed back against lobbying in the past year and required rigorous testing for security cameras over fears of Chinese spying, Reuters reported.
Indian Telecom Security Assurance Requirements
The new Indian Telecom Security Assurance Requirements include one of the most sensitive mandates: access to source code. Source code is the underlying programming that enables smartphones to function. According to the report, the code would be analysed and possibly tested at Indian laboratories, as outlined in official government documents.
MAIT has said India’s proposal for “vulnerability analysis” and “source code review” is not feasible due to secrecy and privacy concerns. The Centre has also proposed that a phone’s digital record of system activity be stored on the device for at least 12 months. MAIT argued this would not be possible, as devices do not have sufficient storage capacity to retain a year’s worth of log data.
Advertisement
Key Security Requirements
Apart from source code access and one-year log retention, the Centre has proposed background permission restrictions under which apps cannot access cameras, microphones, or location services when the phone is inactive.
Devices would also be required to periodically display warnings prompting users to review app permissions, with continuous notifications, the report said. Companies have argued that such notices should be limited to “highly critical” permissions.
The proposal also calls for periodic malware scanning and an option for users to remove pre-installed apps. Phone manufacturers would be required to notify a government organisation before releasing major updates, and devices must be able to detect if phones have been rooted or if users have bypassed built-in security restrictions.
Additionally, the proposal includes anti-rollback protection, requiring phones to permanently block the installation of older software versions, according to Reuters.
Show comments