India Proposes Mandatory Source Code for Smartphone Security Overhaul | Quick Digest
India is proposing new security rules for smartphone makers, including mandatory source code disclosure, to enhance user data security. This has drawn significant pushback from tech giants like Apple and Samsung, who cite concerns over corporate secrecy and lack of global precedent. The government is engaging with the industry on these 2023-drafted standards.
India's proposal mandates smartphone makers to share source code for security assessments.
Tech giants like Apple, Samsung, and Google oppose the rules citing proprietary concerns.
The proposed regulations aim to boost user data security amid rising online fraud.
Rules include restrictions on background app access, malware scanning, and log retention.
Industry argues the requirements lack global precedent and are impractical.
The Indian government has indicated willingness to address industry's legitimate concerns.
India's government, specifically the Department of Telecommunications (DoT) and the Ministry of Electronics and Information Technology (MeitY), is considering implementing a comprehensive security overhaul that would require smartphone manufacturers to disclose their proprietary source code. This proposal, part of the Indian Telecom Security Assurance Requirements (ITSAR) drafted in 2023, aims to bolster user data security and combat rising online fraud and data breaches in India, which is the world's second-largest smartphone market.
The core of the proposal mandates that smartphone makers allow government-designated labs in India to review and test their operating system's source code to identify potential vulnerabilities. Beyond source code access, the proposed rules encompass a range of other requirements. These include making software changes to enable uninstallation of pre-installed apps, blocking apps from accessing cameras and microphones in the background without active use, periodic user alerts to review app permissions, retaining security audit logs for 12 months, and implementing automatic and periodic malware scanning.
However, these stringent proposals have met with significant opposition from major global technology companies, including Apple, Samsung, Google, and Xiaomi. Industry groups like MAIT, representing these companies, have expressed strong reservations, arguing that sharing proprietary source code is "not possible" due to corporate secrecy and global privacy policies. They contend that these requirements lack any global precedent and could reveal sensitive intellectual property, reduce battery life due to constant scanning, and cause impractical delays in releasing critical software updates and security patches that need to be deployed swiftly. Officials from MeitY and tech executives are scheduled to meet for further discussions, with the Indian IT Secretary S. Krishnan indicating that "any legitimate concerns of the industry will be addressed with an open mind." This ongoing dialogue highlights the tension between national security imperatives and the global operating models of tech giants.
Read the full story on Quick Digest