Skip to main content

India proposes requiring smartphone makers to share source code with govt in security overhaul

India has proposed requiring smartphone makers to share source code with the government and make several software changes as part of a raft of security measures, prompting behind-the-scenes opposition from giants like Apple and Samsung.

The tech companies have countered that the package of 83 security standards, which would also include a requirement to alert the government to major software updates, lacks any global precedent and risks revealing proprietary details, according to four people familiar with the discussions and a Reuters review of confidential government and industry documents.

The plan is part of Indian Prime Minister Narendra Modi’s efforts to boost the security of user data as online fraud and data breaches increase in the world’s second-largest smartphone market, with nearly 750 million phones.

IT Secretary S. Krishnan told Reuters that “any legitimate concerns of the industry will be addressed with an open mind”, adding it was “premature to read more into it”.

A ministry spokesperson said it could not comment further due to ongoing consultation with tech companies on the proposals.

Ongoing tug of war over govt requirements

Apple, South Korea’s Samsung, Google, China’s Xiaomi and MAIT, the Indian industry group that represents the firms, did not respond to requests for comment.

Indian government requirements have irked technology firms before.

Last month, it revoked an order mandating a state-run cyber safety app on phones amid concerns over surveillance. But the government brushed aside lobbying last year and required rigorous testing for security cameras over fears of Chinese spying.

Xiaomi and Samsung — whose phones use Google’s Android operating system — hold 19 and 15 per cent, respectively, of India’s market share and Apple 5pc, Counterpoint Research estimates.

Among the most sensitive requirements in the new Indian Telecom Security Assurance Requirements is access to source code — the underlying programming instructions that make phones work. This would be analysed and possibly tested at designated Indian labs, the documents show.

The Indian proposals also require companies to make software changes to allow pre-installed apps to be uninstalled and to block apps from using cameras and microphones in the background to “avoid malicious usage”.

“Industry raised concerns that globally security requirement have not been mandated by any country,” said a December IT ministry document detailing meetings that officials held with Apple, Samsung, Google and Xiaomi.

The security standards, drafted in 2023, are in the spotlight now as the government is considering imposing them legally. IT ministry and tech executives are due to meet on Tuesday for more discussions, sources said.

Companies say source code review, analysis ‘not possible’

Smartphone makers closely guard their source code. Apple declined China’s request for source code between 2014 and 2016, and US law enforcement has also tried and failed to get it.

India’s proposals for “vulnerability analysis” and “source code review” would require smartphone makers to perform a “complete security assessment”, after which test labs in India could check their claims through source code review and analysis.

“This is not possible … due to secrecy and privacy,” MAIT said in a confidential document drafted in response to the government proposal, and seen by Reuters.

“Major countries in the EU, North America, Australia and Africa do not mandate these requirements.”

MAIT asked the ministry last week to drop the proposal, a source with direct knowledge said.

The Indian proposals would mandate automatic and periodic malware scanning on phones.

Device makers would also have to inform the National Centre for Communication Security about major software updates and security patches before releasing them to users, and the centre would have the right to test them.

MAIT’s document says regular malware scanning significantly drains a phone’s battery and seeking government approval for software updates is “impractical” as they need to be issued promptly.

India also wants the phone’s logs — digital records of its system activity — to be stored for at least 12 months on the device.

“There is not enough room on device [sic] to store one-year log events,” MAIT said in the document.



from Dawn - Home https://ift.tt/pYcVuxt
Labels:

Comments

Post a Comment

Popular posts from this blog

Ministers rubbish notion that proposed retirement age extension to favour ‘one particular institution’

Information Minister Attaullah Tarar on Tuesday rubbished the notion that a proposed extension in the retirement age was to favour “one particular institution”, adding that the move would be implemented across the board if approved. The rebuttal comes in the wake of media reports claiming that the government was mulling changes to the Constitution to fix the tenure of the chief justice . Currently, judges of the Supreme Court, including the chief justice, retire after attaining the age of superannuation, i.e. 65 years, as stipulated in Article 179 of the Constitution. While giving his opinion recently on the reports of the constitutional amendment, Law Minister Azam Nazeer Tarar had said he “will not vehemently turn down the proposals related to the tenure of the chief justice”. Addressing the issue during a press conference in Islamabad today along since Finance Minister Muhammad Aurangzeb and the law minister, Attaullah said the extension in the retirement age was “a proposal to a...
Post a Comment
Read more

The Republican primary race for president in 2024

The Republican primary race for president in 2024 is already shaping up to be a competitive one. There are a number of high-profile candidates who have already announced their intention to run, and more are expected to join the field in the coming months. The frontrunner for the nomination is former President Donald Trump. Trump has been teasing a 2024 run for months, and he has a large and loyal following among Republican voters. However, he is also a polarizing figure, and his candidacy could alienate some moderate Republicans. Another potential contender for the nomination is Florida Governor Ron DeSantis. DeSantis has been praised by many conservatives for his handling of the COVID-19 pandemic and his opposition to vaccine mandates. He is also seen as a rising star in the Republican Party. Other potential candidates include former Vice President Mike Pence, former Ambassador Nikki Haley, and Senator Tim Scott. Pence is a more traditional Republican who could appeal to moderate vote...
1 comment
Read more

In pictures: Grief in Gaza and the loss of a child

In the photo, the woman cradles a child in her arms, balanced on her knee. It is an image that resonates, as ancient as human history. But in a grim inversion of the familiar, we see that the child she holds close is a corpse, wrapped in a shroud. It is a quiet moment of intense grief. The woman wears a headscarf and her head is bowed. We cannot see who she is nor can we learn anything about the child — not even if it is a boy or girl. Palestinian woman Inas Abu Maamar, 36, embraces the body of her 5-year-old niece Saly, who was killed in an Israeli strike, at Nasser hospital in Khan Younis in the southern Gaza Strip, October 17, 2023. The child is one of many who have lost their lives on both sides in the Israel-Hamas war. Most have names we will never know, whose deaths will spark a lifetime of grief for family members we will never meet. In the 21st century, an average of almost 20 children a day have been killed or maimed in wars around the world, according to Unicef. Reuter...
Post a Comment
Read more