As India actively promotes its "Make in India" policy, attempting to replace China as the global electronics manufacturing hub, the government is increasing its regulatory oversight of technology products. However, a recently leaked government proposal has sparked strong backlash from the technology industry. (According to Reuters)Reports allegeIn an effort to strengthen cybersecurity, the Indian government has drafted a new security regulation that includes 83 requirements, among which smartphone manufacturers are required to hand over the "source code" of their operating systems for government review. This move has immediately drawn strong opposition from tech companies such as Apple and Samsung.
In order to find vulnerabilities, they demanded the surrender of core secrets?
Reuters, citing sources familiar with the matter and government documents, reported that the Indian government's draft proposal is ostensibly aimed at ensuring device security. One of the most controversial clauses states: "Manufacturers must test and provide proprietary source code for review by government-designated laboratories to identify vulnerabilities in the mobile operating system that could be exploited by attackers."
This means that Apple's iOS, as well as the core code of operating systems modified from Android by manufacturers such as Samsung, must be laid bare before Indian government officials.
Tech companies collectively say no: This is an impossible task.
MAIT (Manufacturers' Association for Information Technology), an industry group representing companies such as Apple, Samsung, Google, and Xiaomi, has clearly expressed its opposition to the Indian government, stating that the request is "not possible."
MAIT points out that source code is a core trade secret of technology companies and is strictly protected by global privacy policies. More seriously, handing over source code to third parties (even government labs) would create enormous cybersecurity risks. Once the source code is leaked, hackers could easily exploit deep-seated vulnerabilities in the system and launch further attacks, which completely contradicts the Indian government's stated intention to "strengthen security."
Even security updates require prior "reporting"?
Besides the source code controversy, the draft also includes other requirements that are causing headaches for industry players. For example, mobile phone manufacturers must notify the Indian government before releasing any major updates or security patches.
The industry generally considers this regulation absurd and counterproductive. Security patches are usually developed to race against hackers; if they require a cumbersome government notification process before release, it will only delay the patching process and expose users to risks.
Official denial? A Rashomon-like situation with conflicting accounts.
However, in response to media reports, India's Ministry of Electronics and Information Technology (MeitY) subsequently issued a statement refuting claims that it was considering seeking source code from mobile phone manufacturers, emphasizing that these matters were still in the "consultation phase." However, the official statement did not address the content of the government document cited by Reuters, only stating that it was still in communication with tech giants.
Analysis of viewpoints
This is not the first time Apple has faced pressure to hand over source code. The Chinese government has made similar requests in the past, and even the FBI has asked Apple to help unlock a suspect's iPhone (although not to directly request source code, but to enable a backdoor in the system's security). Apple has always stood its ground in these incidents because if it sets a precedent, the closed security architecture that iOS prides itself on will instantly collapse.
The Indian government's move is clearly caught in a dilemma: it wants the horse to run but doesn't want it to eat grass. On the one hand, it hopes to attract Apple and Samsung to expand their production capacity and supply chain layout in India through the PLI (Production Link Incentive) program, while on the other hand, it is trying to use more intrusive regulatory measures than the EU's Digital Markets Act.
Source code is the "crown jewel" of tech companies, and demanding its return is tantamount to killing the goose that lays the golden eggs. If the Indian government insists on this hardline clause, it will not only fail to improve cybersecurity, but may also force major tech companies that value intellectual property rights to slow down or even suspend their investment plans in India.
