India’s Smartphone Security Overhaul Sparks Source‑Code Clash With Apple and Samsung as Government Denies “Forced” Disclosure

Updated: Tuesday, January 13, 2026

India’s latest push to tighten smartphone security has turned into a high-stakes standoff between New Delhi and the world’s biggest handset makers—after reports said draft rules could require companies to submit operating‑system source code for government review. Apple, Samsung and other major brands are pushing back behind the scenes, arguing the measures could expose trade secrets and even weaken security if sensitive code is centralized.

But the Indian government is publicly disputing the “forced source code” narrative, calling the claim “fake” and insisting discussions are still at the consultation stage—setting up a confusing, fast-moving policy fight that could affect how iPhones and Android phones are updated, tested, and secured in one of the world’s biggest mobile markets. ( Reuters)

What’s happening today, January 13, 2026

Today’s coverage centers on three parallel developments:

• Draft smartphone security standards reported by Reuters that would add a sweeping set of requirements—potentially including source‑code review and advance notice of major updates. ( Reuters)
• A formal government rebuttal, with India’s Ministry of Electronics and IT (MeitY) framing the reporting as misleading and emphasizing that consultations are routine and no final rules exist yet. ( Press Information Bureau)
• An escalation from digital rights advocates, with the Internet Freedom Foundation (IFF) arguing that the denial does not match the existence of public technical documents and demanding transparency about what exactly is under consideration. ( Internet Freedom Foundation (IFF))

The core dispute: “source code” and who gets to inspect it

According to Reuters’ reporting, India is weighing a package of 83 security standards that could require smartphone manufacturers to undergo security assessments—and allow government-designated labs to verify claims through source code review and analysis. ( Reuters)

For companies like Apple (iOS) and Samsung (Android-based One UI), the source code behind key operating-system components is among the most tightly guarded intellectual property in the industry. Industry group MAIT has argued in communications referenced by Reuters that such review is “not possible” due to corporate secrecy and privacy policies, and that many major regions do not mandate comparable requirements. ( Reuters)

At the same time, the Indian government is contesting the idea that it has proposed forcing any company to hand over source code—saying its engagement with industry is part of routine stakeholder consultations and that no final regulations have been framed. ( Press Information Bureau)

What the draft smartphone security requirements reportedly include

Reuters’ reporting and follow-up factbox outline a wide range of proposed requirements under discussion, including:

1) Source-code disclosure for vulnerability testing

• Manufacturers would test and provide proprietary source code for review by government-designated laboratories to identify vulnerabilities that could be exploited. ( Reuters)

2) A new checkpoint for major software updates

• Companies would need to notify India’s National Centre for Communication Security (NCCS) ahead of major updates and security patches, with concerns that this could slow urgent fixes. ( Reuters)

3) Changes to app permissions and background access

• Draft provisions include restrictions on background access to sensitive phone features like camera, microphone or location services, plus clearer on-screen indicators. ( Reuters)

4) Malware scanning and extended security logging

• Mandatory or periodic malware scanning and on-device retention of security logs for an extended period (reported as 12 months) have been part of the debate, with manufacturers warning about battery and storage costs—especially on low-capacity phones. ( Reuters)

5) User control features like removable pre-installed apps

• Some proposals would require that many pre-installed apps be removable, which consumer advocates typically view positively. ( Reuters)

6) Anti-tampering and downgrade protections

• Draft measures include requiring devices to detect and warn users about rooting/jailbreaking, plus anti-rollback protections that block installing older software builds. ( Reuters)

None of this is confirmed as final law—but it’s the reported scope that has triggered both industry resistance and public debate.

Why Apple, Samsung and other phone makers are pushing back

The pushback is being driven by a mix of trade-secret risk, security risk, and operational feasibility:

• Trade secrets and competitive risk: Source code is proprietary. Handing it to third parties—especially across multiple labs or agencies—raises the risk of leaks or reverse engineering. ( Reuters)
• Cybersecurity “honeypot” concern: Critics argue that centralizing or expanding access to the most sensitive parts of iOS and Android could create a high-value target for attackers if any repository or process is compromised. ( Internet Freedom Foundation (IFF))
• Patch speed and user safety: Security fixes are often time-critical. Adding a notification step (or any approval-like gate) could delay urgent patches during active exploits—leaving devices exposed longer. ( Digital Trends)
• Device performance and storage constraints: Always-on scanning and long log retention can impact battery life, performance, and storage—particularly on budget smartphones, a major segment in India. ( Reuters)

The government’s position: “routine consultations,” no final rules

India’s Ministry of Electronics and IT (MeitY) has pushed back strongly against the idea that it is forcing manufacturers to disclose source code, saying:

• The government is conducting structured stakeholder consultations to build a robust mobile security framework.
• These discussions are part of regular and ongoing engagement on safety and security standards.
• No final regulations have been framed, and any future framework would follow due consultation.
• It explicitly refuted the claim that the government is proposing to force smartphone makers to share source code. ( Press Information Bureau)

MeitY also framed smartphone security as a growing national concern given the scale of mobile usage and the increasing role of phones in financial transactions and public services. ( Press Information Bureau)

Digital rights groups dispute the denial and demand transparency

On January 13, the Internet Freedom Foundation (IFF) sharpened the debate by arguing that a social-media denial does not reconcile with the existence of detailed technical documents available on government websites and under discussion. IFF said the government should clarify what “Indian Telecom Security Assurance Requirements” documents are, whether they are operative drafts, and what exactly is being discussed with manufacturers. ( Internet Freedom Foundation (IFF))

IFF laid out six questions directed to MeitY and the Department of Telecommunications (DoT), including whether the ITSAR document exists as a policy draft, whether the publicly available version is current, and whether provisions like source-code review and 12-month log retention are intended for enforcement. ( Internet Freedom Foundation (IFF))

In a separate statement, IFF warned the proposals could enable surveillance-like controls and called for open, public consultations that include civil society and technical experts—not only closed-door discussions with industry. ( Internet Freedom Foundation (IFF))

What this could mean for iPhone and Android users in India

If even part of the proposed framework becomes enforceable, consumers could see a real mix of benefits and risks:

Potential upsides

• More transparency around risky permissions (camera/mic/location) and tighter controls on background access. ( Reuters)
• The ability to remove many pre-installed apps—reducing bloat and improving user control. ( Reuters)

Potential downsides

• Slower rollout of urgent security patches if the “notify” requirement becomes a gate rather than a simple heads-up. ( Digital Trends)
• Possible performance, battery, and storage impacts if scanning/logging requirements are implemented broadly across devices. ( Reuters)

What happens next

Right now, two things are simultaneously true:

1. Reuters reports a detailed set of draft security standards that alarm major manufacturers. ( Reuters)
2. The government insists there is no proposal to force source-code sharing, and emphasizes consultations and the absence of final rules. ( Press Information Bureau)

The next major signal will be whether officials clarify the legal status of the reported standards, publish consultation materials, and define whether the update-notification mechanism is purely informational—or something that can delay releases. ( Digital Trends)