India's proposal for new smartphone security rules is facing resistance from major tech companies like Apple and Samsung, signaling a potential standoff between the government and global technology giants. The proposed regulations, aimed at enhancing user data security, include requirements for source code disclosure, restrictions on background app permissions, and mandatory malware scanning.

The core of the dispute lies in several key areas. One of the most contentious proposals requires smartphone manufacturers to submit their proprietary operating system source code to government-approved laboratories for security testing. The government argues that this step is necessary to identify vulnerabilities that could be exploited by cyber attackers, thereby strengthening national digital security. However, companies like Apple and Samsung, along with industry bodies such as MAIT, strongly oppose this, citing incompatibility with corporate confidentiality obligations and international privacy frameworks. They fear that exposing proprietary code could compromise intellectual property and commercial secrets. Apple has previously declined similar requests from China and U.S. law enforcement.

In addition to source code disclosure, the proposed rules include several other requirements that are raising concerns. One such requirement is the need to notify a designated government authority before rolling out major system updates or security patches. Smartphone makers argue that this is impractical, as security vulnerabilities often need immediate attention to protect users from active cyber threats, and any delay caused by regulatory procedures could leave millions of devices exposed.

The proposed framework also calls for permanently blocking older operating system versions to prevent security downgrades, a measure manufacturers say lacks global precedent. Other stipulations include mandatory and periodic malware scans, which industry bodies warn could drain a phone's battery, and a requirement to retain detailed security logs for up to one year, which could strain the storage capacity of many devices. Furthermore, the rules propose that all pre-installed apps, except those essential for core phone operations, must be removable. Manufacturers argue that many bundled apps are deeply integrated into the system architecture, and forcing their removal could affect device stability and security.

The government's push for enhanced security measures comes amid growing concerns about online fraud and data breaches in India, which has nearly 750 million smartphone users. Officials state the need to secure digital transactions and protect user data. IT Secretary S. Krishnan has said that any legitimate concerns from the industry will be addressed with an open mind.

These proposed security standards, drafted in 2023, are now under consideration for legal imposition. A meeting between IT ministry officials and tech executives is expected to address these concerns. The outcome of these discussions will be critical in determining the future of smartphone security regulations in India and their impact on both consumers and the tech industry.