India's proposed phone security rules raise concern among tech firms

India has proposed new smartphone security requirements — including source code review, limits on background permissions, year-long log retention and periodic malware scans — and major manufacturers and industry groups have expressed objections.

India has proposed a set of smartphone security rules that would apply to major device makers. The proposals were described in government and industry documents and reported by Reuters. They cover items such as source code review, restrictions on background permissions, and longer log retention. Major manufacturers and the industry group MAIT have raised objections, saying several measures are impractical or lack global precedent. Key proposals: - Documents and sources describe a requirement for manufacturers to provide proprietary source code to government-designated labs for vulnerability review. - Rules would limit apps' background access to cameras, microphones and location, and require persistent permission notifications and periodic user prompts to review permissions. - Other measures include retaining security audit logs for 12 months, periodic on-device malware scanning, anti-rollback protections, and requiring notification to a government body before major updates. - Industry groups and manufacturers have formally objected, citing concerns about corporate secrecy, privacy policies, technical feasibility, performance and urgent security-fix timelines. Summary: The proposals have prompted formal objections from major manufacturers and MAIT, which argue some requirements conflict with corporate secrecy, privacy policies and operational realities. Undetermined at this time.