A fresh controversy has erupted over India’s proposed smartphone security framework after the Internet Freedom Foundation (IFF) questioned the Indian government’s denial of plans to mandate source code access for smartphones, citing publicly available government documents and
reporting by Reuters that suggest otherwise.
In a statement issued on X, the digital rights body says the recent 'fact check' by press information bureau (PIB), which dismissed Reuters’ report on mandatory source code disclosure as 'fake', is at odds with technical documents already hosted on government websites. According to IFF, the existence of the Indian telecom security assurance requirements (ITSARs) raises serious questions about the government’s claim that no such proposals are under consideration.
PIB has maintained that the government has 'not proposed any measure' to force smartphone manufacturers to share proprietary source code, asserting that consultations currently underway are routine and exploratory in nature.
However, IFF says such a blanket denial cannot negate the presence of detailed drafts and standards that are already in the public domain or under active discussion.
“If the government claims these proposals do not exist, it must explain why detailed ITSAR documents are available on its own portals and disclose the minutes of meetings referenced in the Reuters report,” the IFF says, calling for greater transparency from the Union ministry of electronics and information technology (MeitY) and the department of telecommunications (DoT).
The digital rights organisation has posed six pointed questions to the government, seeking clarity on whether ITSAR exists as an official policy draft, whether the versions hosted on bodies such as the National Centre for Communication Security and the Telecom Engineering Centre are operative, and whether contentious provisions, including source code sharing for vulnerability analysis, retention of system logs for 12 months and measures to prevent jailbreaking, are intended to be enforced.
IFF has also asked whether MeitY has been formally tasked with finalising and enforcing ITSAR, whether meetings were held with major smartphone manufacturers such as Apple and Samsung to discuss these clauses and why no public consultation has been conducted despite the framework’s potential impact on hundreds of millions smartphone users in India.
The statement stressed that stakeholder consultation cannot be confined to closed-door meetings with large technology companies. “If no final regulations have been framed, as PIB claims, the government should immediately release the current ITSAR draft for public scrutiny,” IFF says, reiterating its demand for an open and transparent consultation process.
The debate follows a Reuters report stating that MeitY has been consulting with smartphone manufacturers and industry bodies on a package of 83 security requirements under the proposed ITSAR framework. Among the most sensitive provisions flagged were clauses that could allow government-designated testing laboratories to conduct source code reviews, vulnerability analysis, penetration testing and fuzzing to verify security claims made by manufacturers.
Reuters reported that it had reviewed confidential government and industry documents, including an internal meeting note dated 8 December 2025, which recorded strong objections from industry representatives. According to the report, companies argued that such requirements are not mandated anywhere globally, combine elements from multiple regulatory frameworks and place obligations on manufacturers that fall outside their control.
Industry bodies such as the Manufacturers Association for Information Technology (MAIT), which represents major smartphone brands, have opposed any form of source code access, citing risks to intellectual property and user privacy.
In submissions seen by
Reuters and
later reported by Moneylife, MAIT argued that countries in the EU, North America, Australia and Africa do not mandate such requirements and warned that measures such as frequent malware scans, prior government intimation before software updates and long-term log storage could harm users and slow security patch deployment.
The government, however, has pushed back strongly. According to the PIB fact check, claims about mandatory source code sharing were found to be false, and it reiterated that MeitY is only engaging in routine consultations to build a robust mobile security framework. It stressed that no final decision has been taken and that any future regulations would be framed only after due consultation with stakeholders.
IT secretary S Krishnan was quoted by Reuters as saying that legitimate industry concerns would be addressed 'with an open mind' and that it was premature to draw conclusions at this stage.
India, which has close to 750mn (million) smartphone users, is the world’s second-largest mobile market. The proposed security framework is being discussed amid growing concerns over cyber fraud, data breaches and unauthorised surveillance. However, as Moneylife noted, the episode highlights rising friction between India’s regulatory ambitions and global technology companies wary of compliance burdens, intellectual property risks and regulatory uncertainty.
With further meetings between MeitY officials and industry representatives expected, the scope of the proposed ITSAR framework and whether it will include controversial provisions such as source code access remains unresolved. For now, IFF has made it clear that it will continue to press for clarity, transparency and a public consultation before any such standards are notified.
Gretex Corporate Services Slapped with ₹15 Lakh Penalty for Failures in Due Diligence and Disclosures
Moneylife Digital Team
13 January 2026
Market regulator Securities and Exchange Board of India (SEBI) has imposed a penalty of ₹15 lakh on Gretex Corporate Services Ltd, a SEBI-registered merchant banker (MB), for multiple failures in due diligence, disclosure and...
Resolution Professional Fraternity Untouched by Contempt, Needs To Be Taught a Lesson: NCLAT Chennai
SN Thyagarajan (Bar
and
Bench)
13 January 2026
The Chennai Bench of the National Company Law Appellate Tribunal (NCLAT) on Tuesday initiated suo motu contempt proceedings against a resolution professional (RP) for allegedly attempting to bypass an interim appellate order....
From Savings to Securities: SBI Report Shows Investor Growth Beating Deposits, Warns on Rising Unclaimed Funds
SN Thyagarajan (Bar
and
Bench)
13 January 2026
Even as bank deposits and credit have recorded a sharp expansion over the past decade, the pace of growth in investor participation has outstripped the rise in traditional savings. At the same time, unclaimed deposits have surged at...
SEBI Narrows Technical Glitch Rules: 60% of Brokers Exempt, Reporting Time Doubled
Moneylife Digital Team
09 January 2026
Market regulator Securities and Exchange Board of India (SEBI) has significantly relaxed its technical glitch framework for stock brokers, exempting nearly 60% of intermediaries from its ambit, extending reporting timelines, narrowing...
