Phone makers in India not mandated to share source code, say industry body and government
The denials follow a Reuters report that India is proposing to require smartphone makers to give authorities access to source code, the programming instructions that make phones work.
by Collin Furtado · CNA · JoinRead a summary of this article on FAST.
Get bite-sized news via a new
cards interface. Give it a try.
Click here to return to FAST Tap here to return to FAST
FAST
SINGAPORE: There is no mandate from the Indian government requiring phone makers to share their source code, industry body MAIT said in a statement on Wednesday (Jan 14).
The statement by the group, which represents smartphone manufacturers in India, backs the government’s denial of a Reuters report that the country is proposing to require phone makers to give authorities access to the programming instructions that make phones work.
India’s Ministry of Electronics and Information Technology (MeitY) issued a statement on Sunday stating that the Reuters report “has selectively chosen to ignore the comments of the industry association, which clearly indicates its mischievous intent to sensationalise the news”.
The Reuters report had pointed to a 2023 government proposal of 83 security standards that would reportedly force smartphone makers to share their source code.
Subscribe to CNA’s Morning Brief
An automated curation of our top stories to start your day.
This service is not intended for persons residing in the E.U. By clicking subscribe, I agree to receive news updates and promotional material from Mediacorp and Mediacorp’s partners.
Loading
While it was drafted in 2023, the report said it is only now that the MeitY was “considering imposing them legally”, sparking backlash from online activists and experts concerned with the move infringing on the privacy of citizens.
Refuting the report, MAIT pointed to an official memorandum issued on June 18, 2025, that removed language suggesting mandatory sharing of source code. Instead, phone makers need to submit internal test reports, including a summary of the number of security vulnerabilities.
“Any suggestion that MAIT has advocated compulsory source code sharing is incorrect and misleading,” it said.
According to local media, a senior official said the source code claim was a mischaracterisation of recent talks between the government and industry, which were meant to assess which industry standards are practical to implement after smartphone security oversight was transferred from the Department of Telecommunications (DoT) to MeitY.
SECURITY BOOST OR REGULATORY OVERREACH?
Even if the Indian government had pushed for smartphone makers to share the source code, analysts told CNA that this would have led to phone makers rejecting it.
“OEMs (original equipment manufacturers) like Apple and Samsung reject source code disclosure over IP (intellectual property) risks and absent global precedents,” said Prabhu Ram, vice-president of research firm CyberMedia Research.
No other country has mandated smartphone players to give access to their source code for security checks, which makes it even harder for Indian authorities to push for such compliance.
In the past, Apple refused to provide its source code to Chinese authorities.
“This is likely to end in a negotiated compromise rather than a hard mandate, with security expectations clarified but enforcement softened,” said Sanyam Chaurasia, principal analyst at Canalys.
“India currently lacks a clear statutory authority to compel proprietary OS (operating system) handovers, and enforcing India-specific rules would collide with global software governance and IP protection frameworks.”
That said, some analysts said such a move would boost security on smartphones.
“Given rising cyber fraud, IMEI (International Mobile Equipment Identity) cloning, and systemic smartphone vulnerabilities in India’s smartphone-first economy, regulatory safeguards are imperative,” said Ram.
“Whether MeitY’s proposed standards balance national security and innovation remains open,” he added.
Analysts said that if the government’s 2023 proposal went through, the biggest impact would fall on mass-market Android smartphone makers, which operate on thinner margins and faster update cycles, making compliance to security standards more costly.
“Consumers may see indirect effects through slower updates or higher device costs rather than overt surveillance,” said Chaurasia.
“The Indian government appears to be advancing its 'security-first' initiative, driven by national security concerns over external surveillance and control of nearly 800 million smartphone users,” said Neil Shah, analyst and co-founder of Counterpoint Research.
He added that the “vulnerability of Indian citizens to espionage through foreign software and cloud services” is a latent concern for the Indian government.
About 75 per cent of the smartphone market share in India has been captured by Chinese brands such as Vivo, Oppo, and Xiaomi, according to Counterpoint Research.
The source code is the programming instructions that define how the phone operates and is the proprietary custom software layer that distinguishes one brand’s features from another.
Giving access to the source code is like handing over the blueprint to a vault, as it can reveal the system's most vulnerable parts.
Last month, the Indian government pushed a mandate for smartphone manufacturers to pre-install a state-owned cybersecurity app called Sanchar Saathi.
But after public backlash for fears of the government using it to spy, it was ultimately scrapped.
Newsletter
Morning Brief
Subscribe to CNA’s Morning Brief
An automated curation of our top stories to start your day.
Sign up for our newsletters
Get our pick of top stories and thought-provoking articles in your inbox
Get the CNA app
Stay updated with notifications for breaking news and our best stories
Get WhatsApp alerts
Join our channel for the top reads for the day on your preferred chat app