Govt. News Tech News

India proposes new smartphone rules, firms raise concerns

• ByStartupStory     |    January 13, 2026

India has proposed sweeping new smartphone security regulations that would force manufacturers to share proprietary source code and overhaul device software, drawing fierce opposition from global tech giants like Apple, Samsung, Google, and Xiaomi.

The draft rules, known as Indian Telecom Security Assurance Requirements (ITSAR), outline 83 stringent standards aimed at curbing data breaches and cyber fraud in India’s 750 million+ smartphone market. Tech firms warn the measures lack global precedent and could expose trade secrets while disrupting operations.

Core Proposals Ignite Industry Backlash

The most contentious requirement demands submission of full source code – the core software blueprint – to government-approved labs for vulnerability scans and security audits. Industry body MAIT calls this “not possible” due to secrecy concerns, noting no major markets like EU, US, or Australia impose similar mandates.moneycontrol+3​

Other mandates include:

• Pre-notification to the National Centre for Communication Security before major OS updates or patches, potentially delaying critical fixes.​

• Permanent blocking of older software versions to prevent exploits, even if officially signed.​

• Continuous user alerts when apps access cameras, mics, or location in background; periodic permission reviews.​

• On-device storage of detailed system logs (app installs, logins) for 12 months – impractical for budget phones.​

• Automatic malware scans that could drain batteries on low-end devices.​

• Full uninstallation of all pre-installed apps except core system functions.​

Government’s Security Push vs Tech Realities

The Modi government frames ITSAR as essential protection against rising online fraud and foreign surveillance risks in the world’s second-largest smartphone market (150M+ annual shipments). Recent incidents like massive data leaks have amplified calls for tighter controls.reuters+1​

Manufacturers counter with technical feasibility gaps: no reliable jailbreak detection exists, storage limits rule out year-long logs, and update delays expose users to live threats. This echoes past friction, like scrapped mandatory cyber apps over privacy fears.​

Market leaders Xiaomi (19% share), Samsung (15%), and Apple (5%) face the biggest compliance headaches, as most Indian users rely on affordable Android devices.​

Stakeholder Talks Heat Up

MeitY insists the rules remain drafts under “routine consultations” and denies source code mandates, committing to address industry concerns through ongoing dialogue. Yet leaked documents reveal 83 specific standards already circulated to OEMs.theregister+2​

Digital rights groups warn of surveillance overreach, while advertisers eye impacts on app tracking and mobile ad revenue. Compliance could raise device prices 10-15%, hitting price-sensitive consumers and slowing 5G adoption.​

What’s Next for India’s $40B+ Market

Final rules could emerge by mid-2026, forcing custom India-specific firmware that fragments global update cycles. Success might yield safer devices; failure risks supply chain chaos and legal battles.

The clash pits national security against innovation boundaries, with 1.4 billion Indians’ data privacy hanging in balance. Tech giants push for risk-based standards over blanket mandates, but New Delhi shows little sign of backing down.

Follow Startup Story