New Delhi, INDIA – The Consumer Choice Center (CCC) raises serious concerns over the Indian government’s proposed smartphone security framework, which would impose sweeping new obligations on device manufacturers, including source code disclosure, extended data retention, and prior government approval for software updates.
While the stated aim of the proposals is to improve cybersecurity and curb online fraud, CCC warns that several measures risk expanding state access to personal devices in ways that could undermine user privacy, weaken security, and slow technological innovation.
Shrey Madaan, Indian Policy Associate at the Consumer Choice Center, said:
“Strong cybersecurity means protecting users from bad actors, not exposing them to new risks. Mandating source-code access and delaying security updates creates exactly the vulnerabilities these rules claim to prevent. Trust in smartphones depends on fast updates, strong encryption, and clear limits on state access,” said Madaan.
According to reports, the draft rules under the Indian Telecom Security Assurance Requirements (ITSAR) framework would require smartphone makers to submit operating system source code for review by government-designated laboratories, retain detailed device logs for up to a year, and notify authorities before rolling out major security updates.
CCC notes that global technology companies have warned that forced source-code disclosure contradicts established security best practices and could weaken device integrity. Allowing external review of proprietary code increases the risk of leaks, misuse, or exploitation, while also eroding confidence among users and developers worldwide.
The proposal to require manufacturers to notify the government before releasing major software or security patches is also troubling. Cybersecurity experts consistently emphasise that rapid deployment of updates is critical to protecting users from active threats. Any delay, regulatory or procedural, can leave millions of devices exposed.
CCC further cautions against requirements such as year-long device log retention, continuous permission alerts, and persistent tamper-detection warnings, which risk degrading device performance, draining battery life, and normalising constant monitoring of everyday digital activity.
Madaan added:
“Security cannot come at the cost of autonomy. When phones are treated like regulated terminals rather than personal devices, users lose control, updates slow down, and innovation suffers. That’s a trade-off no digital economy should accept.”
The Consumer Choice Center acknowledges the government’s objective of strengthening digital security but stresses that effective cybersecurity relies on globally aligned standards, industry best practices, and user empowerment, not intrusive controls or opaque review processes.
CCC urges policymakers to reconsider elements of the proposed framework that risk expanding surveillance, weakening encryption, or disrupting timely security updates. A consumer-centric approach should prioritise transparency, voluntary compliance with international standards, and clear safeguards against misuse of regulatory powers.
“India’s digital growth has been built on trust, openness, and innovation,” Madaan concluded. “Security policy should reinforce those strengths, not reverse them.”
CCC Releases Alarming Report on Housing in Canada
Sabine Benoit
January 14, 2026
