Tech giants like Apple and Samsung are secretly opposing India's proposal to require smartphone manufacturers to share source code with the government and make several software changes as part of a host of security measures.
The tech companies have countered that the package of 83 security standards, which would also require notifying the government of major software updates, lacks any global precedent. They warned it could also risk disclosing proprietary details.
The initiative is part of PM Narendra Modi's efforts to strengthen user data securityamid rising online fraud and data breaches in the world's second-largest smartphone market, with approximately 750 million phones.
IT Secretary S. Krishnan told Reuters that it was ‘premature to read more into it’ and that ‘any legitimate concerns of the industry will be addressed with an open mind.’ A spokesman for the ministry stated that it was unable to speak further since tech companies were still being consulted on the plans.
Requests for comment were not answered by Apple, Samsung in South Korea, Google, Xiaomi in China, or MAIT, the Indian trade association that represents the companies.
Technology companies have previously been irritated by the Indian government's regulations. An edict requiring a state-run cyber safety program on phones was rescinded last month amid concerns about spying. However, due to fears of Chinese espionage, the government rejected pressure last year and mandated stringent testing for security cameras.
According to Counterpoint Research, Apple holds 5% market share in India, while Xiaomi and Samsung, whose phones run Google's Android operating system, have 19% and 15%, respectively.
Access to source code, or the underlying programming instructions that make phones function, is one of the most sensitive requirements under the new Indian Telecom Security Assurance framework. According to the documents, this will be examined and perhaps tested in specific Indian laboratories.
To "avoid malicious usage," the Indian plans also mandate that businesses modify their software to enable the removal of pre-installed apps and to prevent apps from using cameras and microphones in the background.
According to a December IT ministry paper outlining discussions with Apple, Samsung, Google, and Xiaomi, “the industry raised concerns that globally security requirements have not been mandated by any country.”
The Indian proposals would require phones to be automatically and periodically scanned for malware. Before distributing significant software upgrades and security fixes to users, device manufacturers would also be required to notify the National Center for Communications Security, which would have the authority to test them.
According to MAIT's report, getting government approval for software upgrades is ‘impractical’ because they must be released quickly, and routine virus scanning severely depletes a phone's battery.
Additionally, India wants the phone's logs, digital records of its system activity, to be kept on the device for at least 12 months. In the document, MAIT stated, “There is not enough room on the device to store 1-year log events.”