India is preparing a sweeping overhaul of smartphone security norms, a move that could significantly alter how global phone makers operate in the country. Draft requirements under discussion would impose tighter controls on software, permissions, and updates, steps officials believe are necessary to strengthen digital security. However, major technology companies argue that several of these proposals are unrealistic, unprecedented globally, and potentially harmful to user experience, according to a Reuters report citing multiple sources and documents.
One of the most contentious proposals requires smartphone manufacturers to submit proprietary source code for testing at government-designated laboratories. The aim is to identify vulnerabilities in operating systems that could be exploited by hackers. Industry body MAIT, which represents companies such as Apple, Samsung, Google, and Xiaomi, has told authorities this is “not possible,” citing strict corporate confidentiality norms and global privacy commitments. Companies fear that sharing source code could expose sensitive intellectual property and conflict with international policies, as per the report.
New Limits On App Permissions And User Alerts
The draft rules also seek to curb how apps access sensitive features like cameras, microphones, and location services. Apps would be barred from using these permissions in the background when phones are inactive, and users would see continuous status bar notifications when access is enabled. In addition, devices would periodically prompt users to review all app permissions, claims the report.
Manufacturers argue that such alerts should be restricted to “highly critical” permissions, warning that constant notifications could overwhelm users. They also point out the lack of a globally accepted testing framework for enforcing these rules, the report added.
Data Storage, Malware Scans, And System Performance
Another requirement would force devices to retain security logs, including app installations and login attempts, for an entire year. MAIT contends that most consumer smartphones simply do not have sufficient storage capacity to hold such extensive records. Phones would also be required to run periodic malware scans to flag harmful applications. Companies caution that continuous scanning could drain batteries and slow down device performance, undermining user satisfaction, the report states.
App Removal, Updates, And Device Integrity
The proposals further mandate that most pre-installed apps be removable, excluding only those essential for basic phone functions. Manufacturers counter that many bundled apps are deeply integrated into system operations and cannot be safely deleted.
Additionally, phone makers would need to inform a government body before rolling out major software updates or security patches. Industry players describe this requirement as “impractical,” arguing that delays in releasing patches could leave users exposed to active cyber threats, said the report.
It further added that other measures include mandatory warnings for rooted or jailbroken devices, permanent blocks on rolling back to older software versions, and safeguards against tampering. Companies say reliable detection of jailbreaking is not always feasible and note that there is no global standard for some of these controls.
