India’s proposed overhaul of smartphone security standards has triggered concern among global technology companies after a Reuters report says the government is considering measures that could require access to proprietary source code, a claim that the Union government has now formally denied.
According to
a Reuters report, the Union ministry of electronics and information technology (MeitY) has been consulting smartphone manufacturers and industry groups on a package of 83 security requirements under the Indian telecom security assurance requirements (ITSARs). Among the most sensitive provisions flagged by the news agency is the possibility of source code review by government-designated testing laboratories.
However, the government, through the press information bureau (PIB) fact check, says the claim that India intends to force smartphone-makers to share their source code is 'fake'. It says MeitY is only undertaking routine stakeholder consultations to develop a 'robust regulatory framework for mobile security' and that no final regulations have been framed.
In its report, Reuters cited a review of confidential government and industry documents, as well as discussions with people familiar with the matter, to report that ITSARs include provisions for deep technical scrutiny of smartphone software. On page 41 of the ITSAR document, test laboratories are mandated to conduct 'source code review/analysis, vulnerability analysis, penetration testing and fuzzing' to verify security claims made by manufacturers.
An 8th December meeting note prepared by MeitY, accessed by Reuters, records that industry representatives raised strong objections during consultations. According to the document, companies argued that such requirements have 'not been mandated by any country globally', that the proposed standards combine elements from multiple frameworks, including those of Reserve Bank of India (RBI) and the US National Institute of Standards and Technology (NIST) and that some requirements fall outside the purview of mobile phone manufacturers.
According to the Reuters report, MeitY is currently in discussions with companies such as Apple, Samsung, Google and Xiaomi, as well as industry bodies, as the government considers whether to notify the ITSARs legally. No final decision has been taken.
IT secretary S Krishnan told the newswire that “any legitimate concerns of the industry will be addressed with an open mind”, adding that it was “premature to read more into it”.
The India Cellular and Electronics Association member body, MAIT (Manufacturers Association Information Technology), which represents major smartphone makers, has strongly opposed any form of source code access. In a document seen by Reuters, MAIT stated that source code sharing “is not possible … due to secrecy and privacy”, and pointed out that “major countries in the EU, North America, Australia and Africa do not mandate these requirements.”
According to the agency, MAIT asked the ministry last week to drop the proposal entirely, citing risks to intellectual property and user privacy. The industry body also raised concerns about other proposed measures, including automatic malware scanning, prior intimation to the National Centre for Communication Security before rolling out major software updates and on-device storage of system logs for at least 12 months.
MAIT warned that frequent malware scans could significantly drain battery life, while seeking government clearance before releasing software updates would be impractical, as security patches often need to be deployed urgently.
Following the publication of the Reuters report, the government issued a clarification through PIB fact check, categorically rejecting the claim that it plans to seek smartphone source code.
“The Government of India has NOT proposed any measure to force smartphone manufacturers to share their source code,” the PIB says. It added that MeitY has merely initiated stakeholder consultations, which are “regular and routine” whenever safety or security standards are considered.
PIB emphasised that no final regulations have been framed and that any future framework would be formulated only after due consultation with the industry.
India is the world’s second-largest smartphone market, with close to 750mn (million) users, according to estimates cited by Reuters. The proposed security framework comes amid rising concerns over online fraud, data breaches and unauthorised surveillance and is part of the government’s broader push to tighten digital security standards.
While the government insists consultations are exploratory, the episode highlights a growing tension between India’s regulatory ambitions and the global technology industry’s concerns over proprietary software, compliance burdens and regulatory uncertainty.
With further meetings between MeitY officials and technology companies expected, the contours of India’s mobile security regime and how far it can go without alienating major manufacturers remain unresolved.
