India is considering one of the most sweeping regulatory moves ever proposed for the smartphone industry, a plan that could fundamentally change how devices are built, tested, and updated in the country. The proposal would require smartphone manufacturers to share their source code with the Indian government and implement a wide range of new software-level security safeguards. Unsurprisingly, the move has triggered strong resistance from some of the world’s biggest tech companies, including Apple and Samsung.
At the heart of the controversy are 83 new security standards drafted under India’s Telecom Security Assurance Requirements. According to people familiar with the discussions and confidential documents reviewed by Reuters, these standards would force manufacturers to alert the government about major software updates, submit devices for expanded security testing, and potentially expose proprietary software to government-designated laboratories.
For smartphone makers, this is a red line.
Why India Is Pushing for Tighter Controls
The Indian government argues that the proposal is driven by national security and consumer protection concerns. Prime Minister Narendra Modi’s administration has repeatedly emphasized the need to safeguard user data amid a sharp rise in online fraud, cybercrime, and data breaches.
India is the world’s second-largest smartphone market, with around 750 million active devices. That scale makes it both an economic opportunity and a security challenge. A single vulnerability can affect millions of users, and officials believe stricter oversight is necessary to reduce systemic risk.
IT Secretary S. Krishnan told Reuters that the government remains open to dialogue, stating that “any legitimate concerns of the industry will be addressed with an open mind,” while cautioning that it is “premature to read more into it.” The IT ministry has declined to provide further comment as consultations with technology companies are still ongoing.
Industry Pushback and Lack of Global Precedent
Behind closed doors, however, opposition from the tech industry has been intense. Apple, Samsung, Google, Xiaomi, and MAIT—the industry body representing these firms in India—have declined to comment publicly, but documents reveal deep concern over the scope and implications of the proposal.
One of the most contentious elements is the demand for access to source code—the foundational software instructions that power smartphones. Under the draft rules, companies would be required to conduct a “complete security assessment,” after which Indian testing labs could independently review and analyze the source code.
For manufacturers, source code is among their most closely guarded assets. Apple famously rejected similar demands from China between 2014 and 2016, and even U.S. authorities have failed to obtain such access. Industry representatives argue that sharing source code risks exposing trade secrets and could undermine global cybersecurity by increasing the number of entities with access to sensitive systems.
“This is not possible due to secrecy and privacy,” MAIT said in a confidential response to the government. The group also noted that major regions including the European Union, North America, Australia, and Africa do not mandate such requirements.
A Familiar Regulatory Tug of War
This is not the first time India’s government and technology companies have clashed over regulation. In a recent case, authorities rolled back a proposal that would have required smartphones to ship with a state-backed cyber safety app after concerns were raised about surveillance. However, resistance was unsuccessful last year when the government implemented strict security testing rules for cameras, citing fears of espionage linked to Chinese technology.
That history suggests that industry pushback does not always lead to policy reversal.
According to Counterpoint Research, Xiaomi and Samsung together control more than a third of India’s smartphone market, with shares of 19% and 15% respectively, while Apple holds about 5%. Xiaomi and Samsung rely heavily on Google’s Android platform, adding another layer of complexity to compliance with the proposed standards.
Software Changes That Could Affect Users
Beyond source code access, the draft rules would require manufacturers to make several user-facing software changes. These include enabling the removal of pre-installed apps, restricting apps from accessing cameras and microphones in the background to prevent “malicious usage,” and running automatic, periodic malware scans.
Manufacturers would also need to notify the National Centre for Communication Security about significant software updates and security patches before releasing them. The agency would retain the right to test these updates, potentially slowing down deployment.
MAIT has warned that these measures could negatively affect user experience. Frequent malware scans, the group argues, would lead to noticeable battery drain, while requiring prior government clearance for updates is “impractical” in a world where security fixes often need to be rolled out immediately to counter active threats.
The proposal also mandates that smartphones store system logs—records of device activity—for at least 12 months on the device itself. Industry representatives argue that many devices simply do not have enough storage capacity to meet this requirement.
What Comes Next?
The security standards, first drafted in 2023, are now at the center of renewed discussions as the government considers making them legally binding. Sources indicate that senior IT ministry officials and tech executives have scheduled further meetings to negotiate the terms.
According to people with direct knowledge of the matter, MAIT formally asked the ministry last week to withdraw the proposal altogether.
Whether India chooses to soften its stance or push forward regardless of industry opposition will have global implications. If implemented in full, the rules could set a powerful precedent for other countries seeking deeper access to consumer technology in the name of security.
For now, the standoff continues—highlighting the growing tension between national digital sovereignty and the globalized nature of modern technology.