India is currently considering a set of tough new cybersecurity rules for smartphones that has major tech companies like Apple and Samsung seriously concerned - and quietly pushing back.
According to reports (primarily from Reuters, based on conversations with four people familiar with the discussions and reviews of confidential government and industry documents), the Indian government is proposing a package of 83 security standards under what's called the Indian Telecom Security Assurance Requirements (ITSAR). The most controversial part? Smartphone manufacturers would have to hand over their proprietary source code - the core programming instructions that power their phone operating systems - so it can be reviewed and tested in government-approved labs to spot potential vulnerabilities that hackers could exploit.
Other proposed requirements include forcing companies to notify the government ahead of major software updates, making changes so that pre-installed apps can be fully uninstalled by users, and blocking apps from secretly using cameras or microphones in the background (to prevent malicious spying). Manufacturers would also reportedly need to store system logs for at least a year and conduct automatic malware scans.
Why is India pushing this? The country is the world's second-largest smartphone market, with nearly 750 million devices in active use. In recent years, online fraud, phishing scams, and data breach incidents have surged, affecting millions of users. Prime Minister Narendra Modi's administration sees tighter controls on phone software and hardware as a way to better protect people's personal data and digital security.
But the plan has not gone down well with the big players. Apple, Samsung, Google, Xiaomi, and the industry group MAIT (which represents many of these brands in India) have reportedly told the government that these demands are unprecedented anywhere else in the world.
Handing over source code, they argue, creates serious risks of leaking valuable trade secrets and proprietary information, which could then be exploited by competitors or even malicious actors. They've called some of the requirements simply "not possible" given their global privacy policies and business models.
The discussions are still ongoing, and no final rules have been set. On January 11-12, 2026, India's Ministry of Electronics and Information Technology (MeitY) pushed back against some media interpretations, stating that the government has not proposed any forced source code sharing mandate. Instead, they described the process as routine stakeholder consultations to develop a balanced and robust framework for mobile security. They emphasized that they are committed to addressing legitimate industry concerns.
IT Secretary S. Krishnan also addressed the issue directly, telling Reuters that "any legitimate concerns of the industry will be addressed with an open mind," while adding that it was still "premature to read more into it" at this early consultation stage.
This isn't the first time India has clashed with global tech giants over phone regulations - previous proposals around pre-installing certain apps or other compliance measures have also sparked debate. With brands like Xiaomi and Samsung holding the largest shares of the Indian market (around 19% and 15% respectively), and Apple at about 5%, the outcome of these talks could have big implications for how smartphones are designed, updated, and sold in one of the fastest-growing tech markets on the planet.
For now, it's a classic tug-of-war: the government wants stronger safeguards against cyber threats, while companies worry about protecting their intellectual property and maintaining consistent global standards. Everyone agrees that better security is important - the question is how far the rules should go, and whether a compromise can be found before anything becomes mandatory.
