New Delhi: The Central government is likely to propose sweeping new security rules for smartphones that would require manufacturers to share source code with designated test laboratories and alert authorities ahead of major software updates, triggering quiet pushback from global giants including Apple and Samsung, according to people familiar with the discussions and a Reuters review of confidential documents.
The package includes 83 security standards under proposed Indian Telecom Security Assurance Requirements, which the government argues are needed to protect consumer data in the world’s second-largest smartphone market, with nearly 750 million phones, amid rising online fraud and data breaches.
Among the most contentious provisions is a requirement for access to source code, the underlying programming instructions that make phones operate. The documents say this code would be “analysed and possibly tested” at government-designated labs.
The proposals also seek software modifications to make pre-installed apps uninstallable, and to enable blocking apps from using cameras and microphones in the background to “avoid malicious usage”, according to the documents.
A December IT Ministry document summarising meetings with executives from Apple, Samsung, Google and Xiaomi said, “Industry raised concerns that globally security requirements have not been mandated by any country.”
IT Secretary S. Krishnan told Reuters the government would consider feedback. “Any legitimate concerns of the industry will be addressed with an open mind,” he said, adding it was “premature to read more into it.” A ministry spokesperson said it could not comment further due to ongoing consultations.
The security standards were drafted in 2023 but have drawn renewed attention as the government considers imposing them through legal requirements. Government officials and technology executives are due to meet again on Tuesday, January 13, 2026, sources said.
Smartphone companies typically treat source code as highly confidential. Apple previously declined a request from China for its source code between 2014 and 2016, and efforts by US law enforcement to obtain it have also been unsuccessful.
The proposals would require firms to conduct a “complete security assessment” for “vulnerability analysis” and “source code review”, with test labs able to verify claims through source code analysis.
MAIT, the industry body representing the firms, objected in a confidential response seen by Reuters. “This is not possible due to secrecy and privacy,” MAIT wrote, adding, “Major countries in the EU, North America, Australia, and Africa do not mandate these requirements.” A source said MAIT asked the ministry last week to drop the proposal.
Other measures include mandatory automatic and periodic malware scanning, which MAIT warned could significantly drain battery life. Device makers would also need to notify the National Centre for Communication Security about major updates and security patches before releasing them, and allow authorities to test them, which MAIT called “impractical” as updates must be issued quickly.
The government also wants phones to store system logs for at least 12 months. “There is not enough room on the device to store 1-year log events,” MAIT said.
Apple, Samsung, Google, Xiaomi and MAIT did not respond to requests for comment.
India has previously clashed with tech firms over device requirements. Last month it revoked an order mandating a state-run cyber safety app amid surveillance concerns, but last year pressed ahead with strict testing rules for security cameras over fears of Chinese spying.
In India’s crowded smartphone market, Xiaomi holds 19 per cent share, Samsung 15 per cent, and Apple 5 per cent, Counterpoint Research estimates.with agency inputs