Over a month ago, the Indian government mandated that every new phone sold in the country would come preloaded with Sanchar Saathi, a state-backed app to curb telecom fraud and trace stolen devices.

The move sent shockwaves through the Indian smartphone ecosystem. What followed next was a swift pushback from the industry, following which the central government quietly scrapped the order.

As the new year began, another flashpoint emerged. According to a media report, the government is considering a sweeping set of 83 security standards for smartphone makers. The directives include mandatory source code disclosure, 12-month log retention, and the government’s pre-approval for updates at the level of operating systems.

While the Ministry of Electronics and Information Technology (MeitY) has denied any plan to forcibly access source code and says it prefers ‘collaborative engagement’ with the industry, the episode has once again unsettled device makers and privacy advocates.

What’s At Stake?

With over 800 Mn smartphone users in the country, the device has become the most intimate gateway to citizens’ digital lives — housing communications, financial data, location history, consumption patterns, and even political and social preferences.

But does access to source code amount to access to user data? On paper, the answer is no. Source code does not contain live user information. However, it does reveal the logic governing how data is collected, processed, encrypted, stored, and transmitted.

Access to operating system code can expose how permissions are enforced, how encryption keys are managed, where........

© Inc42