India presses tech firms on smartphone code access
Government authorities are moving to compel smartphone manufacturers to submit portions of their operating system source code for mandatory security audits, escalating a standoff with global technology companies that warn such a requirement could undermine intellectual property protections and user privacy. The proposal, under discussion within policy circles in New Delhi, reflects mounting concern about cyber intrusions, supply-chain vulnerabilities and the growing role of mobile devices in payments, governance and national security. Officials familiar with the matter say the plan would require vendors selling smartphones in the country to make critical software components available for inspection by government-approved laboratories. The focus would be on core operating system layers, firmware and security modules rather than consumer-facing applications. Proponents argue that access to code is essential to verify whether hidden vulnerabilities, backdoors or insecure update mechanisms could be exploited by hostile actors. The push has brought the government into direct tension with companies such as Apple and Samsung, whose devices dominate the premium and mass-market segments. Executives and industry representatives have privately conveyed resistance, arguing that exposing proprietary code, even to auditors bound by confidentiality, creates unacceptable risks of leaks and reverse engineering. They also contend that global platforms already undergo extensive third-party security testing and comply with international standards. At the heart of the debate is whether national security imperatives justify a departure from prevailing global norms. Countries including China and Russia operate regimes that allow state scrutiny of technology products, though often under opaque processes that foreign firms say are difficult to reconcile with commercial safeguards. Western regulators have largely relied on certification frameworks, vulnerability disclosure programmes and cooperation with vendors rather than direct access to source code. India’s approach, if formalised, would place it closer to the former camp, potentially setting a precedent for other large emerging markets. Government officials counter that smartphones have become gateways to sensitive data far beyond personal communications. Devices are routinely used for digital identity verification, financial transactions and access to public services. Any systemic weakness could have cascading effects. They also point to a rise in sophisticated cyber operations attributed by security researchers to state-linked groups, arguing that reliance on vendor assurances is no longer sufficient. The proposal is understood to be steered by the Ministry of Electronics and Information Technology, which has expanded its remit in cybersecurity and digital governance. Policy discussions have examined models ranging from escrow-based code access, where source material is held by a trusted intermediary, to controlled on-site inspections without code being copied. Each option presents trade-offs between assurance and exposure. Industry bodies warn that mandatory disclosure could chill investment and complicate product launches. Smartphone operating systems are developed on global codebases, updated frequently and protected by layers of licensing agreements with component suppliers. Altering that structure for a single market risks fragmenting development and delaying security patches. There are also concerns about reciprocity: once one jurisdiction demands code access, others may follow, multiplying compliance burdens. Privacy advocates occupy an ambivalent position. Some support deeper scrutiny to ensure devices do not surreptitiously collect or transmit data. Others caution that state access to low-level software could itself become a vector for abuse if oversight is weak. They stress the need for transparent audit criteria, independent supervision and clear limits on how findings are used. The commercial stakes are significant. India is one of the world’s largest smartphone markets by volume and a critical manufacturing hub under production-linked incentive schemes. Companies have invested heavily in assembly plants and local supply chains, betting on policy stability. A protracted dispute over code access could influence decisions on future capacity and research investment, even if an outright exit is unlikely. The article India presses tech firms on smartphone code access appeared first on Arabian Post.
Government authorities are moving to compel smartphone manufacturers to submit portions of their operating system source code for mandatory security audits, escalating a standoff with global technology companies that warn such a requirement could undermine intellectual property protections and user privacy. The proposal, under discussion within policy circles in New Delhi, reflects mounting concern about cyber intrusions, supply-chain vulnerabilities and the growing role of mobile devices in payments, governance and national security.
Officials familiar with the matter say the plan would require vendors selling smartphones in the country to make critical software components available for inspection by government-approved laboratories. The focus would be on core operating system layers, firmware and security modules rather than consumer-facing applications. Proponents argue that access to code is essential to verify whether hidden vulnerabilities, backdoors or insecure update mechanisms could be exploited by hostile actors.
The push has brought the government into direct tension with companies such as Apple and Samsung, whose devices dominate the premium and mass-market segments. Executives and industry representatives have privately conveyed resistance, arguing that exposing proprietary code, even to auditors bound by confidentiality, creates unacceptable risks of leaks and reverse engineering. They also contend that global platforms already undergo extensive third-party security testing and comply with international standards.
At the heart of the debate is whether national security imperatives justify a departure from prevailing global norms. Countries including China and Russia operate regimes that allow state scrutiny of technology products, though often under opaque processes that foreign firms say are difficult to reconcile with commercial safeguards. Western regulators have largely relied on certification frameworks, vulnerability disclosure programmes and cooperation with vendors rather than direct access to source code. India’s approach, if formalised, would place it closer to the former camp, potentially setting a precedent for other large emerging markets.
Government officials counter that smartphones have become gateways to sensitive data far beyond personal communications. Devices are routinely used for digital identity verification, financial transactions and access to public services. Any systemic weakness could have cascading effects. They also point to a rise in sophisticated cyber operations attributed by security researchers to state-linked groups, arguing that reliance on vendor assurances is no longer sufficient.
The proposal is understood to be steered by the Ministry of Electronics and Information Technology, which has expanded its remit in cybersecurity and digital governance. Policy discussions have examined models ranging from escrow-based code access, where source material is held by a trusted intermediary, to controlled on-site inspections without code being copied. Each option presents trade-offs between assurance and exposure.
Industry bodies warn that mandatory disclosure could chill investment and complicate product launches. Smartphone operating systems are developed on global codebases, updated frequently and protected by layers of licensing agreements with component suppliers. Altering that structure for a single market risks fragmenting development and delaying security patches. There are also concerns about reciprocity: once one jurisdiction demands code access, others may follow, multiplying compliance burdens.
Privacy advocates occupy an ambivalent position. Some support deeper scrutiny to ensure devices do not surreptitiously collect or transmit data. Others caution that state access to low-level software could itself become a vector for abuse if oversight is weak. They stress the need for transparent audit criteria, independent supervision and clear limits on how findings are used.
The commercial stakes are significant. India is one of the world’s largest smartphone markets by volume and a critical manufacturing hub under production-linked incentive schemes. Companies have invested heavily in assembly plants and local supply chains, betting on policy stability. A protracted dispute over code access could influence decisions on future capacity and research investment, even if an outright exit is unlikely.
The article India presses tech firms on smartphone code access appeared first on Arabian Post.
What's Your Reaction?
