SECURITY BOOST OR REGULATORY OVERREACH?
Even if the Indian government had pushed for smartphone makers to share the source code, analysts told CNA that this would have led to phone makers rejecting it.
“OEMs (original equipment manufacturers) like Apple and Samsung reject source code disclosure over IP (intellectual property) risks and absent global precedents,” said Prabhu Ram, vice-president of research firm CyberMedia Research.
No other country has mandated smartphone players to give access to their source code for security checks, which makes it even harder for Indian authorities to push for such compliance.
In the past, Apple refused to provide its source code to Chinese authorities.
“This is likely to end in a negotiated compromise rather than a hard mandate, with security expectations clarified but enforcement softened,” said Sanyam Chaurasia, principal analyst at Canalys.
“India currently lacks a clear statutory authority to compel proprietary OS (operating system) handovers, and enforcing India-specific rules would collide with global software governance and IP protection frameworks.”
That said, some analysts said such a move would boost security on smartphones.
“Given rising cyber fraud, IMEI (International Mobile Equipment Identity) cloning, and systemic smartphone vulnerabilities in India’s smartphone-first economy, regulatory safeguards are imperative,” said Ram.
“Whether MeitY’s proposed standards balance national security and innovation remains open,” he added.
Analysts said that if the government’s 2023 proposal went through, the biggest impact would fall on mass-market Android smartphone makers, which operate on thinner margins and faster update cycles, making compliance to security standards more costly.
“Consumers may see indirect effects through slower updates or higher device costs rather than overt surveillance,” said Chaurasia.
“The Indian government appears to be advancing its ‘security-first’ initiative, driven by national security concerns over external surveillance and control of nearly 800 million smartphone users,” said Neil Shah, analyst and co-founder of Counterpoint Research.
He added that the “vulnerability of Indian citizens to espionage through foreign software and cloud services” is a latent concern for the Indian government.
About 75 per cent of the smartphone market share in India has been captured by Chinese brands such as Vivo, Oppo, and Xiaomi, according to Counterpoint Research.
The source code is the programming instructions that define how the phone operates and is the proprietary custom software layer that distinguishes one brand’s features from another.
Giving access to the source code is like handing over the blueprint to a vault, as it can reveal the system’s most vulnerable parts.
Last month, the Indian government pushed a mandate for smartphone manufacturers to pre-install a state-owned cybersecurity app called Sanchar Saathi.
But after public backlash for fears of the government using it to spy, it was ultimately scrapped.
Source: CNA
