Do Son 
As India aggressively pursues its “Make in India” initiative, aspiring to supplant China as the preeminent global hub for electronics manufacturing, the administrative oversight regarding technological commodities has intensified. However, a recently divulged government proposal has ignited a fierce backlash within the tech industry. According to reports from Reuters, the Indian government, under the auspices of fortifying cybersecurity, has drafted a security mandate comprising 83 stringent requirements. Most controversially, this proposal demands that smartphone manufacturers surrender their proprietary “Source Code” for governmental scrutiny—a decree that has met with vehement opposition from titans such as Apple and Samsung.
Citing confidential sources and internal documentation, Reuters revealed that this draft is ostensibly designed to ensure device integrity. The most contentious clause stipulates that “manufacturers must facilitate testing and provide proprietary source code for examination by government-designated laboratories to identify latent vulnerabilities within mobile operating systems that adversaries might exploit.” Consequently, the foundational logic of Apple’s iOS and the customized Android kernels utilized by Samsung would be laid bare before Indian officials. The Manufacturers’ Association for Information Technology (MAIT)—representing an illustrious cohort including Apple, Samsung, Google, and Xiaomi—has formally voiced its dissent, characterizing the mandate as “utterly untenable.”
MAIT asserts that source code represents the quintessential intellectual property of technology firms, protected by rigorous global privacy standards. Furthermore, bequeathing such sensitive data to a third party, even a governmental laboratory, creates a catastrophic security liability. Should this source code be compromised, malicious actors could effortlessly unearth deep-seated systemic vulnerabilities, directly subverting the government’s stated objective of “fortifying security.” Beyond the source code dispute, the draft imposes other burdensome obligations, such as requiring manufacturers to notify the Indian government prior to the release of any significant update or security patch.
Industry stakeholders view this regulatory hurdle as both preposterous and counterproductive. Security patches are typically a race against time; any bureaucratic delay in the notification process only serves to prolong user exposure to threats. In response to these revelations, the Ministry of Electronics and Information Technology (MeitY) issued a rebuttal, dismissing the notion that it is seeking source code and emphasizing that the proposal remains in a “consultative phase.” Nevertheless, the ministry offered no explanation for the specific contents of the documents cited by Reuters, merely stating that dialogues with technology giants are ongoing. This is not the first instance where Apple has resisted such pressure; it previously rebuffed similar demands from the Chinese government and famously denied the FBI’s request to engineer a “backdoor” into the iPhone. In every case, Apple has maintained its steadfast resolve, recognizing that such a precedent would irrevocably dismantle the secure, closed architecture that defines iOS.
Ultimately, the Indian government appears caught in a paradox: it seeks to lure Apple and Samsung to expand their local manufacturing footprints through Production Linked Incentive (PLI) schemes while simultaneously contemplating regulatory measures far more intrusive than the European Union’s Digital Markets Act. Source code is the “crown jewel” of technological innovation; to demand its surrender is an act of industrial self-sabotage. Should India persist with these draconian terms, it risks not only failing to enhance security but also alienating the very technology leaders whose investment is vital to its economic aspirations.
Related Posts:
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
