India’s push for tighter smartphone security puts Apple, Samsung and Google on the defensive

The Indian government is weighing a sweeping set of new security rules for smartphones that could force global tech giants to share their source code and notify authorities about major software updates, as per a Reuters report, a move that has sparked strong, though largely behind-the-scenes, resistance from companies such as Apple, Samsung and Google.

The proposals form part of a broader push by the Narendra Modi government to strengthen the protection of user data in India, which has nearly 750 million smartphone users and has seen a sharp rise in online fraud and data breaches. Under the draft framework, known as the Indian Telecom Security Assurance Requirements, manufacturers would have to comply with 83 security standards designed to give regulators greater visibility into how mobile devices and their software function.

Among the most controversial elements is a requirement that smartphone makers provide access to their source code the core programming that runs a device so it can be reviewed and tested in government-designated laboratories. The government is also seeking powers to be informed in advance of major software updates and security patches, which it could then examine for vulnerabilities before they are released to consumers.

Also read: Meta dismisses Instagram data leak claims after password reset scare rattles users

Officials say the intent is to improve security, not to intrude on business secrets. IT Secretary S. Krishnan said the government was open to dialogue and would consider “any legitimate concerns of the industry,” adding that it was too early to draw firm conclusions while consultations are ongoing.

But industry groups and companies argue that the measures go far beyond international norms and could undermine innovation and user privacy. According to documents shared with the government, the Mobile and Electronics Association of India (MAIT), which represents Apple, Samsung, Google and Xiaomi, has warned that no major market in Europe, North America or Australia requires companies to hand over source code for official scrutiny.

The association has also objected to proposals for mandatory malware scans on devices, which it says could drain battery life, and to requirements that detailed system logs be stored on phones for at least a year, citing storage limitations. Another point of friction is the idea that firms would need to notify the government before rolling out software updates, which MAIT has described as impractical given how quickly patches often need to be released to address security threats.

Also read: Maharashtra civic polls see ₹55 crore digital ad spend on Meta, Google

The debate highlights a broader tension between India’s desire to tighten digital security and the tech industry’s concern about regulatory overreach. While the government has previously backed down on some technology mandates such as a now-withdrawn requirement for a state-backed cybersecurity app it has also pushed ahead with strict rules in other areas, including security testing for surveillance equipment.

With India one of the world’s largest and fastest-growing smartphone markets, the outcome of these talks could have far-reaching implications for how global tech companies operate in the country. For now, negotiations are continuing, with both sides locked in a delicate balancing act between national security priorities and the protection of commercial and technological interests.