Technology policy balancing security and innovation always sparks debate—this Indian source code mandate feels like a bold but controversial step in data protection era. Drafted in 2023 but gaining traction now, the 83 standards under Telecom Security Assurance Requirements demand manufacturers open source code to Indian labs for thorough vulnerability checks, permit uninstalling bloatware, restrict sneaky background camera or mic activation by apps, enforce periodic auto malware scans, and maintain device logs for at least 12 months.
Major firmware or patch updates must be notified pre-release for government testing. With 750 million smartphones—Samsung at 15%, Xiaomi 19%, Apple 5%—frauds soaring, the rationale ties to Modi's user safety push. Yet industry body MAIT and makers protest: proprietary secrets at risk of leaks, potential privacy breaches, unnecessary battery drain from scans, and no equivalents in EU or US—Apple famously resisted similar Chinese demands years ago. Tuesday stakeholder talks could shape final rules.
In my view, threats are genuine in hyper-digital India, but heavy mandates risk deterring investment and innovation—smart consultation essential for balanced outcome benefiting users without alienating global players.
TL;DR
- 83 standards drafted 2023 Telecom Security Assurance Requirements enforcement push.
- Require source code sharing designated Indian labs vulnerability analysis.
- Mandate pre-release notification major updates patches government testing.
- Allow uninstalling pre-installed bloatware apps.
- Block background camera microphone activation without consent.
- Enforce automatic periodic malware device scanning.
- Store activity logs minimum 12 months.
- Target major makers Samsung Xiaomi Apple Google.
- Rationale rising frauds 750 million smartphone market data protection.
- Industry opposes proprietary secrecy risks privacy battery no precedents.
