.png){kind=logo}
6 hours ago
1
India is considering new smartphone security rules that would require device makers to allow government access to source code for “vulnerability analysis.” It would also require companies to notify the government of major software updates and security patches before rollout, according to Reuters.
This is the latest in a raft of unprecedented proposals by the Indian government under the guise of security, as it weighs making a package of 83 security standards drafted in 2023 legally binding in the world’s second-largest smartphone market with nearly 750 million smartphones.
Under the proposals, any source code review would be analyzed and potentially tested at designated labs in India. Major phone manufacturers have reportedly warned the Indian government that such a move risks revealing proprietary information.
The source code proposal comes alongside a series of additional recommendations such as restrictions on background permissions for apps and the option to remove all preinstalled apps. Reuters also reports the package would mandate periodic malware scanning and require phones to store system logs for at least 12 months, requirements that industry groups told the publication would drain battery life, run into storage limits and slow the rollout of necessary security updates.
The nation’s IT ministry told Reuters it "refutes the statement" that it is proposing manufacturers hand over their source code. This was despite a review of internal government and industry documents as part of the reporting. Government officials and industry executives are reportedly due to meet Tuesday for more discussions.
Last month, India was set to require a state-owned cybersecurity app be preinstalled on every smartphone in the nation before backpedaling after intense backlash. Just two days later, there was reportedly a proposal to require that smartphones keep location services on at all times with no way to turn them off.
English (US) ·