India is considering new mobile security standards that could require smartphone makers to share operating system source code with government-designated testing labs. The proposal has raised concerns among major device manufacturers, including Apple and Samsung, over potential risks to security and intellectual property.
The reported plan is part of a broader framework of proposed rules aimed at strengthening smartphone security and reducing digital fraud. Draft requirements described in the report include mandatory security testing, malware scanning, and restrictions on how apps access sensitive device functions such as cameras and microphones. One of the most contested elements is the suggestion that companies could be asked to provide source code, which would allow deeper inspection of how operating systems function and how security protections are implemented.
Industry representatives said forcing companies to share source code would be unusual compared with other major markets. Manufacturers argue that such access could expose proprietary technology and increase the risk of security weaknesses being discovered and misused if the code is not handled under strict safeguards. Companies also raised concerns about how code access would be managed, who would be authorised to review it, and what protections would be in place to prevent leaks or misuse.
The draft framework also includes provisions that could require advance notification of major software updates and security changes. Some companies have warned that requirements of this kind could slow the deployment of patches, which are often released quickly to address newly discovered vulnerabilities. Delays in security updates can increase the time that devices remain exposed to known threats.
Indian officials have said the country is consulting with manufacturers and other stakeholders and that discussions are ongoing. The government has framed the initiative as an effort to improve device security and protect user data across a large and growing mobile market. India has one of the world’s largest smartphone user bases, and phones are widely used for banking, payments, identity services, and access to government programs.
After the report was published, an Indian government statement cited in local media disputed claims that there is a formal plan to force smartphone makers to provide source code. The statement said consultations are part of work on security standards and that some reporting on specific measures was misleading. No final rules have been announced.
The debate reflects wider tensions between government efforts to strengthen national cybersecurity and industry concerns about protecting intellectual property and maintaining secure software development practices. Any final requirements would likely affect how smartphone makers test and certify devices for sale in India and could influence similar regulatory discussions in other countries.