New Delhi: India has proposed a series of new smartphone security measures that would require device makers to share source code with the government and implement multiple software changes, prompting resistance from major tech companies including Apple, Samsung, Google, and Xiaomi.
The measures are part of Prime Minister Narendra Modi’s drive to strengthen user data security amid rising online fraud and data breaches in the country, home to nearly 750 million smartphone users.
The proposals are outlined in the Indian Telecom Security Assurance Requirements, which include 83 security standards, such as requiring companies to alert the government about major software updates and allowing designated labs in India to review source code for vulnerabilities.
In just 10 years, India has built the world’s largest digital backbone. Base stations grew from 6.5 lakh to 31.9 lakh, connecting cities, villages, and the most remote regions of the country.
सिर्फ 10 वर्षों में भारत ने विशाल डिजिटल नेटवर्क खड़ा किया है।
बेस स्टेशन 6.5 लाख से… pic.twitter.com/QNbInLCz8t— DoT India (@DoT_India) January 11, 2026
Tech companies have expressed concerns that these requirements are without global precedent and could reveal proprietary information. According to sources familiar with the discussions, smartphone makers argue that full source code review and vulnerability analysis is ‘not possible’ due to confidentiality and privacy issues.
Past mandates, including a state-run cybersecurity app, were withdrawn last month following industry opposition over surveillance concerns. The proposals would require companies to make software changes to:
- Allow pre-installed apps to be uninstalled
- Block apps from using cameras and microphones in the background to prevent malicious activity
- Perform automatic and periodic malware scanning
- Inform the National Centre for Communication Security about major software updates and patches before release
- Store phone logs, digital records of system activity, for at least 12 months on devices
Industry representatives, including MAIT, the Indian tech trade body, warned that malware scanning drains device batteries, seeking government approval for updates is impractical, and devices lack enough storage for year-long logs.
Apple, Samsung, Xiaomi, and Google, which together hold a significant share of India’s smartphone market, Samsung 15 percent, Xiaomi 19 percent, Apple 5 percent, have not publicly commented on the proposals.
The IT Secretary, S. Krishnan, said that any legitimate concerns raised by industry would be addressed ‘with an open mind’ and called it ‘premature to read more into it.’ A ministry spokesperson declined further comment due to ongoing consultations.
The government’s efforts to impose security requirements on tech firms are not new. Last year, rigorous testing for security cameras was mandated amid fears of Chinese spying. Companies are expected to discuss the latest proposals with IT ministry officials as the government considers making the measures legally binding.
India’s new requirements would mandate a complete security assessment of smartphones, with designated labs checking compliance through source code review and analysis. However, MAIT emphasized that no major country in the EU, North America, Australia, or Africa mandates such requirements, making the proposals unprecedented.
The plan also highlights ongoing tensions between the government’s push for data security and tech firms’ protection of proprietary software, which has seen Apple and US law enforcement previously refuse requests for source code.
MOST READ | Experts push for respirators over surgical face masks
