Indian Government Denies Request for Smartphone Source Code

The Government of India has refuted claims that it demanded smartphone manufacturers share their source code as part of a proposed security overhaul. The denial followed a report by Reuters stating that the government sought this information along with various software modifications to strengthen mobile security.

On October 15, 2023, the Press Information Bureau (PIB) took to social media platform X to clarify, stating, “The Government of India has NOT proposed any measure to force smartphone manufacturers to share their source code.” The PIB emphasized that the Ministry of Electronics and Information Technology is currently engaging in stakeholder consultations to establish a suitable regulatory framework for mobile security.

The PIB noted that these discussions are routine and aimed at devising safety or security standards in collaboration with the industry. “Once a stakeholder consultation is done, then various aspects of security standards are discussed with the industry,” the statement read. It reassured that no final regulations have been established and that any future framework will emerge only after thorough consultations.

The initial report indicated that the Indian government requested smartphone manufacturers to provide access to their source code and implement a series of new security protocols. Sources familiar with the discussions raised concerns that the proposed package of 83 security standards could compromise proprietary information and lacks precedent on a global scale.

IT Secretary S Krishnan conveyed to Reuters that the government would address legitimate industry concerns with an open mind, adding it was “premature to read more into it.” A spokesperson for the ministry refrained from further comments, citing ongoing consultations with tech companies regarding the proposals.

Among the contentious requirements in the Indian Telecom Security Assurance Requirements is the demand for access to source code. This component involves analyzing and possibly testing the underlying programming instructions in designated Indian laboratories. Additionally, companies would be required to modify software to enable the uninstallation of pre-installed applications and to restrict apps from using device cameras and microphones in the background.

A December 2022 document from the IT ministry highlighted industry concerns, noting that such security mandates have not been established universally by other nations. Major companies, including Apple, Samsung, Google, and Xiaomi, were part of the discussions addressing these issues.

The proposed security standards, drafted in 2023, have gained renewed attention as the government considers implementing them legally. Executives from the IT ministry and technology firms are scheduled to meet on October 17, 2023, for further deliberations.

The Manufacturers’ Association for Information Technology (MAIT) recently urged the ministry to reconsider its proposal, according to sources with direct knowledge of the discussions.

In response to the controversy, the Ministry of Electronics and Information Technology reiterated its commitment to conducting regular consultations on safety compliance. “Following stakeholder consultations, detailed discussions are held with industry on different dimensions of security requirements,” the ministry stated.

The India Cellular & Electronics Association (ICEA), which represents the electronics sector, clarified that these discussions are not unprecedented. Pankaj Mohindroo, Chairman of ICEA, stated, “It is completely normal for the government to engage industry in such discussions—to ask technical and compliance questions and for the industry to respond with international practices and what might be possible or not.”

As the situation develops, the outcome of these consultations will be pivotal in shaping the future landscape of mobile security regulations in India.