India is drafting regulations requiring smartphone manufacturers to share proprietary source code with government agencies, triggering opposition from Apple and Samsung over intellectual property and security concerns.
India is advancing regulatory proposals that would compel smartphone manufacturers to disclose proprietary source code to government agencies, according to documents reviewed by Reuters. The requirements form part of broader security protocols aimed at strengthening oversight of mobile devices sold in the world's second-largest smartphone market. Major manufacturers including Apple and Samsung have reportedly initiated behind-the-scenes lobbying efforts to modify the proposals.
The draft regulations specify that manufacturers must provide government-mandated agencies with access to device source code and allow pre-installation of approved security applications. Additional provisions include mandatory security audits and compliance with encryption standards tailored to Indian requirements. These measures extend beyond current protocols that focus primarily on network-level security assessments.
India represents a critical growth market for smartphone manufacturers, with over 161 million units shipped in 2025 according to Counterpoint Research. Apple recently achieved record market share in the premium segment, capturing 23% of devices priced above $400, while Samsung maintains leadership across all price categories with 18% overall market penetration. The country's smartphone user base is projected to exceed 1 billion by 2027, making regulatory compliance essential for global manufacturers.
Industry pushback centers on three primary concerns: intellectual property protection, competitive differentiation, and security vulnerabilities. Device manufacturers argue that source code disclosure could expose proprietary algorithms and security architectures that constitute core competitive advantages. Apple's iOS security framework and Samsung's Knox platform both rely on closely guarded source code that differentiates their security propositions.
Security experts additionally warn that mandated code access creates potential attack vectors. "Centralized repositories of proprietary source code become high-value targets for state-sponsored hackers and cybercriminals," noted Ritesh Chopra, Country Director for India at NortonLifeLock. "The policy creates tension between legitimate security oversight and introducing new systemic vulnerabilities."
Financial implications for manufacturers include potential compliance costs estimated at $150-300 million annually for major brands, factoring in infrastructure adjustments, security recertification, and ongoing auditing requirements. This comes amid already heightened operational expenses in India, where import duties on components range from 15-20% and local manufacturing requirements add production complexity.
The regulatory proposal reflects India's broader technology sovereignty initiatives, following similar data localization requirements implemented for payment processors in 2019 and cloud service providers in 2023. Government officials cite national security imperatives, pointing to documented cases of foreign-origin devices transmitting encrypted telemetry to overseas servers without transparent disclosure.
Market analysts anticipate three potential outcomes: significant regulatory modifications following industry consultation, delayed implementation timelines allowing for technical compromises, or selective enforcement prioritizing domestic manufacturers like Micromax and Lava. The final regulations are expected to undergo public comment before potential implementation in late 2026, with ongoing negotiations likely to shape the operational details affecting global smartphone brands.
Comments
Please log in or register to join the discussion