Original news source. The core details of this development were reported by Reuters and featured in The Hindu, available at: https://epaper.thehindu.com/ccidist-ws/th/th_international/issues/165840/OPS/GMFFD4916.1+G64FE7F0P.1.html
Current status of the proposal. As of early 2026, the Ministry of Electronics and Information Technology (MeitY) is conducting stakeholder consultations regarding the Indian Telecom Security Assurance Requirements (ITSAR).
Scope of the regulation. The framework encompasses a package of 83 security standards aimed at securing the world’s second-largest smartphone market, which currently hosts nearly 750 million devices.

Source

Demanding proprietary “DNA.” The most contentious proposal requires manufacturers to grant the government access to their source code—the underlying programming instructions of the device—for “vulnerability analysis.”
Analysis in local labs. This code would be analyzed and tested at designated Indian laboratories to detect potential backdoors, spyware, or systemic security flaws.
Firm corporate resistance. Tech giants like Apple and Samsung have historically denied such requests from major powers like the U.S. and China, citing the risk to intellectual property and trade secrets.

Combating rising cybercrime. Prime Minister Narendra Modi’s administration views these measures as essential to curb the surge in online fraud and data breaches affecting Indian citizens.
Ensuring digital sovereignty. The Centre aims to reduce reliance on foreign security assurances by establishing a localized regime for testing device-level security.
Protecting sensitive data. Given that smartphones are now central to financial transactions and public service delivery, the government argues that “unsecured” devices pose a national security risk.

Mandatory notification of patches. Smartphone makers would be required to inform the National Centre for Communication Security (NCCS) about major software updates and security patches before they are released to the public.
Government right to test. The proposal grants the NCCS the legal authority to test these updates, potentially delaying their rollout to end-users.
Impracticality for “Zero-Day” fixes. Industry experts warn that seeking government approval for emergency patches is impractical, as security fixes must be issued instantly to protect users from active exploits.

One-year storage requirement. Devices would be required to store digital records and “logs” of system activities (such as logins and app installations) for at least 12 months.
Forensic aid for law enforcement. These logs are intended to assist in investigations following cybercrimes or data theft incidents.
Hardware storage constraints. Industry body MAIT has argued that consumer-grade smartphones do not have the dedicated storage headroom to maintain such extensive logs without impacting user space.

Automated background checks. The proposed rules mandate automatic and periodic malware scanning on all smartphones to detect malicious software after the device is sold.
Impact on battery life. Tech companies have countered that frequent, system-wide scans would significantly drain battery life and degrade overall device performance.
Privacy and surveillance fears. Privacy advocates worry that government-mandated scanning could be a precursor to deeper state surveillance of personal data on mobile devices.

Blocking background access. The requirements seek to block apps from using cameras, microphones, or location services in the background when the phone is inactive.
Mandatory status-bar alerts. To avoid “malicious usage,” devices must display continuous, prominent notifications whenever sensitive sensors are being accessed by any application.
User fatigue concerns. Manufacturers argue that excessive permission alerts could lead to “alert desensitization,” where users stop paying attention to critical security warnings.

Enforcing uninstallation options. The government wants to mandate that users have the option to uninstall all non-essential pre-installed applications (bloatware).
Definition of “essential” apps. A point of friction remains as manufacturers argue many pre-installed apps are integral system components that cannot be removed without breaking core functionality.
Enhancing consumer choice. This move is designed to give users more control over their device’s storage and data sharing from the moment of purchase.

Detection of “Rooting.” Phones would be required to detect if they have been “jailbroken” or “rooted” and must display persistent warning banners to the user.
Blocking software downgrades. The rules propose “Anti-Rollback Protection,” which permanently blocks the installation of older software versions to prevent users from reverting to versions with known security holes.
Lack of global standards. Industry representatives claim there is no universally reliable detection mechanism for tampering that works across all hardware architectures.

Government denial of “force.” Following media reports, the Press Information Bureau (PIB) issued a clarification stating the government is not “forcing” source code sharing but is in “routine consultations.”
MeitY’s open-mind policy. IT Secretary S. Krishnan stated that the ministry is willing to address “legitimate concerns” and that it is premature to view the draft as a finalized law.
Potential for a “Sanchar Saathi” repeat. Observers note that the government previously revoked a mandate for the Sanchar Saathi app after pushback, suggesting the current proposal may also be significantly watered down.

India’s Smartphone Source Code & ITSAR Security Quiz

Instructions

Total Questions: 15

Time: 15 Minutes

Each question has 5 options. Multiple answers may be correct.

Time Left: 15:00