NEW DELHI – January 11, 2026: In a move that could redefine the global digital landscape, the Indian government has proposed a massive security overhaul that would require smartphone manufacturers to disclose their proprietary operating system source code for state-mandated reviews. The policy, spearheaded by the National Centre for Communication Security (NCCS) and the Ministry of Electronics and Information Technology (MeitY), aims to safeguard India’s 750 million mobile users against deep-seated vulnerabilities, hidden backdoors, and foreign state-sponsored espionage.
The Core of the “Digital Sovereignty” Push
According to recent draft documents circulated among industry stakeholders, the new Indian Telecom Security Assurance Requirements (ITSAR) demand that manufacturers like Apple, Samsung, Google, and Xiaomi submit their software for rigorous testing in designated Indian laboratories.
Union Minister of State for Electronics and IT, recently highlighted that as India moves toward its “Viksit Bharat 2047” vision, digital security is a non-negotiable pillar. The proposal includes several aggressive mandates:
- Source Code Review: Mandatory submission of OS source code for “vulnerability analysis.”
- Freedom from Bloatware: A requirement for manufacturers to allow users to uninstall all pre-installed applications.
- Real-time Permissions: Blocking apps from accessing microphones and cameras in the background without persistent user notifications.
- Update Pre-approval: Phone makers must notify the government before releasing major software updates or security patches.
- Local Logging: Mandatory storage of 12 months of system activity logs on the device itself.
Industry Resistance: A “Mission Impossible” for Global Brands
The proposal has hit a wall of opposition from the Manufacturers’ Association for Information Technology (MAIT), which represents the world’s largest tech entities. In a formal response, industry leaders argued that the mandate is “not possible” due to the extreme risks to intellectual property and corporate secrecy.
“No major market in the EU, North America, or Australia mandates such intrusive requirements,” a senior industry analyst noted. Beyond IP concerns, manufacturers warn that continuous malware scanning and high-volume logging will severely drain battery life and degrade hardware performance. Smaller domestic players, while supportive of the security goals, are concerned that the technical cost of compliance could price them out of a competitive market.
Compliance and the Road Ahead
The government is currently in a 30 day consultation period with tech executives. While the final penalties are still being calibrated under the Telecommunications Act and the Digital Personal Data Protection (DPDP) Rules, non-compliance could lead to severe fines or, in extreme cases, a suspension of sales licenses in the world’s second-largest smartphone market.
As New Delhi and Silicon Valley prepare for a high-stakes meeting this Tuesday, the outcome will likely serve as a global litmus test: can a nation truly secure its digital borders without compromising the proprietary secrets of the companies that build them?
