India Demands Secret Source Code From Phone Giants

India is introducing a set of strict security requirements for smartphone manufacturers, a move that has ignited opposition from major tech companies. Proposed regulations mandate that manufacturers test and provide proprietary source code for review by government-designated laboratories. This is intended to identify potential vulnerabilities within phone operating systems that could be exploited by malicious actors. Industry groups, representing key players like Apple and Samsung, have voiced strong objections, deeming the source code disclosure requirement "not possible" due to corporate secrecy and global privacy policies.

Further complicating the issue, India's proposals include restrictions on background app permissions, prohibiting apps from accessing cameras, microphones, or location services when phones are inactive without continuous notifications. Manufacturers argue these measures lack global precedent and a clear testing methodology. Other contentious points involve periodic permission review alerts for users, a requirement to store security audit logs for one year, and mandatory periodic malware scanning. Companies warn that these could strain device storage and impact performance.

The government also requires that all non-essential pre-installed applications be deletable and that manufacturers notify a government organization before releasing major updates. Additionally, devices must detect and warn users about rooted or jailbroken phones and implement anti-rollback protection to prevent the installation of older software versions. Tech firms argue many of these demands are impractical, could compromise security by delaying critical updates, or lack reliable detection mechanisms.