India has proposed a controversial new security measure that would require smartphone manufacturers, including giants like Apple and Samsung, to share their source code with the government. This move, part of a broader security overhaul, has raised significant concerns among tech companies, who argue that it lacks any global precedent and could expose proprietary information.
India’s Push for Smartphone Source Code Sharing
The proposal is part of India’s efforts to strengthen the security of user data in the face of growing concerns over online fraud and data breaches. With nearly 750 million smartphones in use, India is seeking to bolster its cybersecurity framework by enforcing 83 security standards. These standards include a requirement for smartphone companies to share their source code with the government, which would be analyzed and potentially tested at designated Indian labs.
India’s IT Secretary S. Krishnan reassured that the government was open to addressing any legitimate concerns raised by the tech industry, although specifics about how these concerns would be handled have not yet been disclosed.
Tech Companies Express Concerns
Tech giants like Apple, Samsung, and Google have voiced concerns that sharing source code could compromise confidentiality and privacy. According to industry insiders, such a requirement has never been mandated by any other country and could potentially give the government access to sensitive proprietary information.
The Mobile Association of India (MAIT), which represents major tech firms, has requested the government to drop the proposal. In a confidential document, MAIT stated that a complete security assessment and source code review would be unfeasible due to the privacy and secrecy concerns it would raise. The document also pointed out that many major countries, including those in Europe, North America, and Australia, do not require such security measures.
What’s at Stake?
In addition to source code sharing, the proposed measures also include mandatory malware scanning on smartphones and a requirement for companies to inform the National Centre for Communication Security about major software updates and security patches. Companies would also be required to store device logs for up to 12 months, raising concerns over data storage limitations.
While the government argues that these steps are necessary to protect consumers and combat cybersecurity threats, the tech industry has been skeptical about the feasibility of implementing such stringent regulations without significant trade-offs in privacy, security, and operational efficiency.
India’s proposed smartphone security overhaul is causing friction between the government and the tech industry, particularly concerning the sharing of source code. As the government continues to engage in consultations with tech companies, the outcome of this proposal could reshape the future of smartphone security and data privacy in one of the world’s largest markets. Whether these regulations will become law remains uncertain, but they highlight a growing trend of government scrutiny over tech companies’ operations and data practices.
