India’s New Smartphone Security Plan Sparks Privacy Backlash
India is weighing a new set of smartphone security rules that could reshape how device makers operate in the country’s massive mobile market. But the proposal is already facing pushback from privacy advocates and technology experts who warn it may open the door to deeper state surveillance.
The debate highlights a growing global tension: how governments can strengthen cybersecurity without weakening digital rights and consumer trust.
Why India is tightening phone security
India is the world’s second-largest smartphone market, with nearly 750 million phones in use. As online fraud and data breaches rise, the government has been working to strengthen safeguards around user data and device security.
The latest proposed framework is being discussed under the broader push led by Prime Minister Narendra Modi’s government to improve digital security standards across the country.
According to a Reuters report, the plan includes a set of measures that would expand compliance requirements for smartphone manufacturers operating in India.
What the proposal reportedly asks smartphone makers to do
The proposed package of standards, reviewed by Reuters through confidential government and industry documents, includes requirements that have raised immediate alarm in the tech industry.
Among the most controversial points is a plan that would require smartphone makers to share source code as part of security compliance. Source code is the underlying programming that allows phones and their operating systems to function.
Another reported requirement would compel companies to retain phone logs on devices for up to one year, potentially creating a detailed record of activity stored locally.
Major manufacturers such as Apple and Samsung have privately objected to the plan, Reuters reported, citing the same set of documents.
Government response: Ministry denies seeking source code
India’s IT ministry has said that consultations are still ongoing and insisted that it is open to hearing industry concerns.
In a public response, the ministry said it would address “any legitimate concerns of the industry… with an open mind,” according to Reuters.
However, the ministry also denied that it was considering demanding source code, though it did not directly comment on the confidential documents reviewed by the news agency.
The ministry did not respond to a separate request for comment, Reuters added.
Privacy groups warn of “persistent controls” on personal devices
Digital rights organisations have reacted sharply, arguing the proposed rules could expand state access to sensitive technical systems and everyday user behavior.
The Internet Freedom Foundation (IFF), a group focused on privacy and free speech rights, said it opposed any framework that would effectively give the state access to confidential code and embed lasting controls into devices used by millions.
IFF also warned that the proposals could go beyond security and start shaping how people interact with their own phones, according to its statement cited by Reuters.
Experts say source code demands could damage trust
Technology law experts have also questioned the direction of the plan, especially the idea of seeking source code from global manufacturers.
Akash Karmakar, a partner at Indian law firm Panag & Babu who specializes in technology law, said that demanding source code risks eroding trust and could undermine India’s reputation as a business-friendly destination.
He described the approach as a major step away from India’s goal of improving the ease of doing business, Reuters reported.
Such concerns are particularly sensitive in a market where international companies already face heavy regulatory scrutiny while competing for consumer confidence.
Meeting with tech giants reportedly called off
A scheduled meeting between the IT ministry and major technology companies was expected to take place on Tuesday to discuss feedback and concerns.
But Reuters reported that the ministry called off the meeting, citing three people with direct knowledge of the matter.
The cancellation may signal that negotiations are still in flux, even as industry and civil society pressure grows around the proposal’s scope.
Security update rules add another layer of concern
Beyond source code and log retention, the proposal also reportedly requires smartphone companies to inform Indian officials before releasing security updates.
Under the plan, authorities would also have the option to test those updates if they choose, Reuters reported.
That idea has sparked criticism from cybersecurity advocates, who argue it could blur the line between regulation and operational access to vulnerabilities.
“Conflict of interest” fears raised by cybersecurity advocates
Raman Jit Singh Chima, global cybersecurity lead at the internet advocacy group Access Now, told Reuters the approach could create a conflict of interest.
The concern, as described in the report, is that giving the state a role in reviewing security updates could allow it to function as both a regulator and a potential actor capable of exploiting weaknesses for surveillance purposes.
This argument reflects a wider international debate: cybersecurity rules can strengthen protections, but poorly designed frameworks can also introduce new risks, especially if they increase access to sensitive systems without strong checks and transparency.
Recent precedent: India dropped a mandatory cybersecurity app order
The proposed standards are arriving soon after another government move faced strong resistance.
Last month, India revoked an order that would have mandated a state-run cybersecurity app on phones. That decision came after opposition from political parties and privacy advocacy groups, Reuters reported.
That reversal is now being viewed as an example of how public and political pressure can influence the government’s approach to digital security policy.
What this could mean for users, companies, and India’s tech future
If the proposed standards move forward in their current form, the impact could be felt across multiple layers of India’s digital ecosystem.
For users, privacy advocates argue that longer log retention and deeper state access to device-level systems could increase surveillance risks and reduce personal control over everyday technology.
For manufacturers like Apple and Samsung, the compliance burden could become more complex, especially if requirements involve code disclosure or advance notice of security updates.
For India’s broader tech ambitions, critics warn the plan could discourage investment or innovation if companies view the regulatory environment as unpredictable or intrusive.
At the same time, the government’s core argument, improving user security in a market facing rising fraud, remains a major policy priority, particularly as more Indians rely on smartphones for payments, identity services, and communication.
A high-stakes balancing act
India’s smartphone security proposal has quickly turned into a defining test of how the country plans to protect users in an era of escalating cybercrime.
But as the backlash from privacy groups and experts shows, stronger security rules can also raise new questions about transparency, oversight, and the limits of state access to personal devices.
With consultations still ongoing, the next steps will likely determine whether the government can build a security framework that improves protection without weakening trust in the digital tools used daily by hundreds of millions of Indians.
(With inputs from Reuters.)