(Singapore, 12.01.2026)India is considering a major overhaul of smartphone security regulations that could significantly change how mobile devices are designed, tested and updated in the country. The proposals, still under consultation, would impose a wide set of new technical requirements on phone makers, including deeper government oversight of software and stricter controls on apps, data logs and system updates.
According to Reuters, the draft rules would require smartphone manufacturers to share sensitive source code with government-approved laboratories and make multiple software changes as part of a package of 83 proposed security standards. The plans have sparked strong but largely behind-the-scenes resistance from some of the world’s biggest technology companies, which warn the measures could expose proprietary information and disrupt global operating systems.
The proposals are part of Prime Minister Narendra Modi’s push to strengthen digital security as online fraud, hacking incidents and data breaches continue to rise. India is the world’s second-largest smartphone market, with nearly 750 million devices in use, making any regulatory shift highly consequential for global brands such as Apple, Samsung, Google and Xiaomi.
India’s IT Secretary, S. Krishnan, told Reuters that the government remains open to industry feedback and that discussions are still ongoing. He said legitimate concerns raised by companies would be considered “with an open mind” and cautioned against drawing early conclusions about the final form of the rules. The Ministry of Electronics and Information Technology has also said it is consulting widely with the industry to develop what it calls a robust and balanced mobile security framework.
Following publication of the Reuters report, the ministry issued a statement saying it routinely engages with technology firms to understand technical challenges and compliance burdens. It also rejected claims that it was seeking smartphone source code from manufacturers, although it did not directly address the government and industry documents reviewed by Reuters that describe such requirements.
Source code access and industry resistance
At the center of the dispute is a proposal that would require phone makers to submit their operating system source code for “vulnerability analysis” and “source code review” by government-designated laboratories in India. Source code contains the core instructions that make software work and is among the most closely guarded assets of any technology company.
Industry executives argue that sharing this information would risk exposing trade secrets and intellectual property, and that no major global market mandates such access. In a confidential response seen by Reuters, MAIT — an industry body representing Apple, Samsung, Google and Xiaomi — said such reviews were “not possible” due to corporate secrecy obligations and global privacy policies. The group noted that countries in Europe, North America and Australia do not impose similar requirements.
Technology companies have historically resisted similar demands elsewhere. Apple, for instance, declined requests from China between 2014 and 2016 for access to its source code, while U.S. law enforcement agencies have also failed to obtain it despite lengthy legal efforts.
Broader security rules and practical concerns
The proposed security framework goes well beyond source code access. One major requirement would force manufacturers to allow users to uninstall most pre-installed apps, except those essential for basic phone functions. Regulators say this would give consumers more control and reduce hidden security risks, while companies counter that many bundled apps are deeply integrated into system operations.
Another set of rules would restrict apps from accessing cameras, microphones or location services in the background when phones are inactive. Devices would also need to display continuous notifications when such permissions are active and periodically prompt users to review app access. Manufacturers argue these measures lack global precedent and that no clear testing standards have been defined.
Phones would also be required to conduct periodic malware scans to identify potentially harmful applications. Industry groups warn that constant on-device scanning could significantly drain battery life and reduce performance, especially on lower-end devices that are widely used in India.
Under the draft proposals, smartphone makers would have to notify India’s National Centre for Communication Security before releasing major software updates or security patches, giving the agency the right to test them. Manufacturers say this is impractical because security fixes often need to be deployed immediately to counter active cyber threats.
The rules also require phones to store detailed system logs such as app installations and login attempts for at least 12 months on the device. Industry representatives argue that most consumer smartphones do not have enough storage capacity to retain a full year of such data.
Additional measures include mandatory warnings if a phone is “rooted” or “jailbroken,” as well as permanent blocks on installing older software versions to prevent security downgrades. Companies say there is no reliable way to detect jailbreaking in all cases and no global standard for some of these technical demands.
India’s technology regulations have triggered friction before. Last month, the government withdrew an order mandating a state-run cyber safety app on smartphones after companies raised concerns about surveillance. At the same time, New Delhi has pressed ahead with strict security testing rules for surveillance cameras, citing fears of foreign spying.
Market data from Counterpoint Research shows Xiaomi and Samsung together hold more than one-third of India’s smartphone market, while Apple accounts for about 5%. That scale means any regulatory shift in India could have ripple effects across global supply chains and software ecosystems.
For now, the proposed smartphone security standards remain under discussion, with further meetings between government officials and industry executives expected. As highlighted by Reuters, the debate underscores a growing global tension between governments seeking tighter digital oversight and technology companies determined to protect proprietary systems while continuing to deliver fast and secure updates to users.
