New Delhi, 11 January 2026 – India has proposed forcing major smartphone manufacturers to provide India smartphone source code to designated government labs for vulnerability assessments, as part of an extensive security upgrade targeting the nation’s 750 million devices.
The initiative stems from escalating online fraud and data breaches, prompting Prime Minister Narendra Modi’s administration to enforce stricter controls on device software and operations.
This development holds significance for South Asia, where India’s tech policies often influence neighbouring markets like Pakistan and Bangladesh. Enhanced security measures could set regional benchmarks for data protection, potentially affecting cross-border trade in electronics and heightening scrutiny on Chinese imports amid ongoing geopolitical tensions.
India Smartphone Source Code: Proposal Details
The plan requires companies to submit India smartphone source code for analysis at Indian testing facilities. This includes full security evaluations to identify potential risks. Manufacturers must also notify authorities of significant software updates and security patches prior to public release.
Additional mandates cover 83 security standards. These encompass enabling users to uninstall pre-installed applications and preventing apps from accessing cameras or microphones without explicit permission. Devices would need to perform automatic, periodic malware scans.
Phone logs must be retained on the device for a minimum of 12 months to aid investigations. The standards, initially drafted in 2023, are now under review for legal enforcement. A key meeting between the Ministry of Electronics and Information Technology (MeitY) and industry executives is set for 13 January 2026.
IT Secretary S. Krishnan stated that any legitimate industry concerns would be addressed openly. He described the process as premature for deeper interpretations.
India Security Overhaul Smartphones: Industry Pushback
Tech firms have voiced strong objections to the India security overhaul smartphones. The Manufacturers’ Association for Information Technology (MAIT), representing giants like Apple, Samsung, Google, and Xiaomi, argued in a confidential submission that sharing source code violates secrecy and privacy norms.
MAIT highlighted that no major economies in the European Union, North America, Australia, or Africa impose similar requirements. They contended that regular malware scanning would drain battery life significantly. On log storage, MAIT noted insufficient device space for retaining data over 12 months.
A December 2025 ministry document echoed these sentiments, stating that global security mandates do not exist in this form. Industry sources fear the India source code requirement could expose proprietary technologies, deterring innovation and investment.
Market data from Counterpoint Research shows Xiaomi holding 19 percent share in India, Samsung at 15 percent, and Apple at 5 percent. Chinese firms like Xiaomi face particular challenges, building on prior government actions such as mandatory testing for security cameras over espionage concerns.
The government has previously enforced policies despite opposition, including revoking a mandate for a state-run cyber safety app in December 2025 after privacy outcries. However, it proceeded with camera certifications.
India Source Code Requirement: Regulatory Framework
The India source code requirement aligns with broader telecom security protocols. The Indian Telecom Security Assurance Requirements (ITSAR), issued by the National Centre for Communication Security (NCCS), stipulate that source code must be available for review at telecom security testing laboratories or agreed locations.
This framework supports vulnerability analysis and compliance checks. The Department of Telecommunications (DoT) extended the Pro Tem Security Certification Scheme for two years starting 1 January 2026, as per a Press Information Bureau release. This scheme facilitates interim certifications for telecom equipment pending full standards.
The Telecommunication Engineering Centre (TEC) has also published codes of practice for securing consumer Internet of Things devices, which include baseline security requirements. While focused on IoT, these guidelines inform smartphone policies given overlapping technologies.
India’s approach reflects a push for self-reliance in digital security. With nearly 750 million smartphones in use, the government aims to curb fraud incidents, which have surged in recent years. Official data indicate billions in losses from online scams annually.
Background
India’s telecom sector has evolved rapidly since the 2010s, with smartphone penetration driving economic growth. The market ranks second globally, behind China. Prime Minister Modi’s Digital India initiative, launched in 2015, emphasises secure digital infrastructure.
Past regulations include the Information Technology Act 2000, amended multiple times to address cyber threats. In 2021, new intermediary guidelines required platforms to trace message origins under certain conditions.
Geopolitical factors play a role. India banned over 200 Chinese apps in 2020 citing security risks, straining relations with Beijing. Xiaomi, a leading player, has faced tax evasion probes and asset freezes, though some were resolved.
South Asian neighbours watch closely. Pakistan’s telecom authority has similar certification requirements, while Bangladesh focuses on data localisation. India’s moves could prompt harmonised standards across the region, boosting collective cyber resilience.
Economic stakes are high. The smartphone industry contributes to India’s USD 100 billion electronics manufacturing target by 2025, achieved ahead of schedule. Foreign investments from Samsung and Apple assembly plants underscore the sector’s importance.
However, stringent rules risk alienating investors. MAIT’s submissions warn of potential supply chain disruptions and increased costs passed to consumers.
India Telecom Security Source Code: Broader Implications
The India telecom security source code aspect extends to network equipment. ITSAR mandates source code reviews for routers and switches, now potentially applying to handsets.
Government officials argue these steps protect user data sovereignty. With data breaches exposing millions of records yearly, proactive measures are deemed essential.
Critics counter that such access could enable surveillance, echoing global debates on backdoors in encryption. The European Union’s General Data Protection Regulation offers a contrast, focusing on privacy without source code mandates.
In South Asia, where mobile banking and e-governance thrive, secure devices are vital. India’s proposal might inspire similar policies in Sri Lanka or Nepal, fostering a unified front against cyber threats from state actors.
What’s Next
Stakeholders await outcomes from the 13 January 2026 meeting. MeitY may revise the standards based on feedback. If enacted, implementation could begin within months, with phased rollouts for existing devices.
International diplomacy might influence the process, especially with US firms like Apple involved. Trade talks with the EU and US could address these concerns.
The proposal underscores India’s commitment to robust digital defences. As consultations progress, the balance between security and innovation remains key.
In conclusion, the India smartphone source code initiative represents a bold step towards fortified telecom ecosystems, though its execution demands careful navigation of industry resistances.
Published in SouthAsianDesk, January 11th, 2026
Follow SouthAsianDesk on X, Instagram and Facebook for insights on business and current affairs from across South Asia.
