1 hour ago
2
MAIT, a phone makers’ industry group representing smartphone manufacturers like Samsung, said that there was no demand for devices’ source code to be disclosed to any third party by the Union government, and pointed out that even a 2023 security standard document — which was never enforced — that contained this requirement was amended in the middle of last year to remove the language.
The denial adds to the Union government’s own refutation of the news agency’s reporting. The supposed demand, which was reported by the newswire agency Reuters over the weekend, cited a 2023 document by the National Centre for Communication Security (NCCS), a Bengaluru-based arm of the Department of Telecommunications (DoT).
Other proposals include requiring on-device logging, which the industry is reported to have opposed, and notifying authorities about upcoming security updates. The report claimed that the government was “considering imposing [the requirements] legally”.
Explained: Is the government seeking phones’ source code?
The IT Ministry denied the source code claim, alluding to the report, and a senior official said that this was a mischaracterisation of the nature of its conversations with phone makers. In the past few months, security oversight for phones has been transferred from the DoT to MeitY, and the latter was working with the industry to understand which standards are practical to implement, the official said. In the meantime, smartphones were exempt from the certification scheme in question altogether.
MAIT pointed out in its own statement that the 2023 Indian Telecom Security Assurance Requirement (ITSAR) had language around source code disclosure completely removed last June itself through an office memorandum by the NCCS.
“These consultations are part of the Ministry’s regular and ongoing engagement with industry on safety and security standards,” the IT Ministry had said on Sunday (January 11, 2026).
The amendment, of which the Reuters reporting seemed unaware, changes a section that mentions source code disclosure to simply requiring an “[i]nternal test report excluding Intellectual Property (IP) related information, but mandatorily including summary of number of security vulnerabilities/weaknesses classified by risk”.
“MAIT wishes to categorically state that the Office Memorandum issued on 18 June 2025 by the Government of India overrules any prior interpretations suggesting mandatory sharing of source code,” the industry body said.
“The memorandum provides clear guidance that supersedes earlier drafts or discussions, ensuring alignment with industry best practices and safeguarding intellectual property. MAIT’s internal documents are solely for internal deliberation and knowledge-sharing among members.”
“The association also commends MeitY’s transparent and consultative approach in shaping policy frameworks… The structured consultations have enabled industry stakeholders, experts, and policymakers to collaborate constructively, ensuring that diverse perspectives are considered.”
The agency’s report over the weekend appeared to rely on documents that referred to the unamended version of the standards document, which was issued in April 2023. A phone maker shall ensure that “security assurance Test Labs will conduct the Source Code Review/ Analysis, vulnerability analysis, penetration testing and fuzzing”, the older version said.
Excerpts of industry documents indicated that even these were under the impression that the pre-amendment version of the document prevailed. “MAIT’s internal documents are solely for internal deliberation and knowledge-sharing among members,” the industry association said.
English (US) ·