Smartphone Manufacturers Face Security Overhaul in India

Smartphone manufacturers are at the centre of a proposed security overhaul initiated by the Indian government, which aims to implement stricter regulations regarding the disclosure of proprietary source code, as reported by Reuters.

The Pursuit of Digital Sovereignty

According to the suggested Indian Telecom Security Assurance Requirements (ITSAR), manufacturers might be obliged to submit their source code to government-approved laboratories for vulnerability evaluations. This initiative is part of Prime Minister Narendra Modi’s broader agenda to safeguard the 750 million smartphone users in the country from sophisticated data breaches and online fraud.

Strong Resistance from Global Tech Leaders

These proposals have ignited significant opposition from the technology sector. The Manufacturers’ Association for Information Technology (MAIT), which represents major manufacturers, has indicated that complying with these requirements is “not feasible” due to the heightened sensitivity surrounding intellectual property and corporate privacy policies. Tech firms note that such measures have no precedent in major global markets, including the European Union and the United Kingdom, which do not require similar access to core software.

The Challenges of Implementation

In addition to the source code disclosure, the draft regulations encompass a variety of other measures that have raised alarms in the industry. One proposal would mandate that manufacturers inform the government of significant software updates and security patches before they are released, allowing authorities the chance to conduct preliminary testing. Furthermore, the draft suggests that devices should undergo periodic automatic malware scans, a measure experts caution could adversely affect battery life and overall performance.

Official Consultation and Future Outlook

The government also aims to require devices to retain system activity logs for a minimum of 12 months. However, manufacturers argue that most devices lack the necessary storage capacity to hold such extensive records.

In light of these developments, India’s IT Secretary, S. Krishnan, explained that the government is prepared to consider “legitimate concerns of the industry” with an open perspective, asserting that it is “premature” to reach any conclusions. India’s Press Information Bureau has further clarified that no definitive regulations have been established and the current phase is merely routine consultation with relevant stakeholders. A high-level meeting involving IT ministry officials and tech executives is anticipated to occur this week to further discuss the proposed framework.

IT Ministry Issues Clarification

The IT ministry has also stated that it “refutes the statement” regarding plans to request source code from smartphone manufacturers, though it has not provided additional details or comments on the documents referenced by Reuters.