Source Code of Smartphones | 15 Jan 2026

Source:TH 

The Union government and the MAIT (Manufacturers’ Association for Information Technology) (apex body representing India's electronics & ICT hardware sector) have refuted reports claiming that smartphone manufacturers would be required to disclose their source code, clarifying that no such demand is under consideration. 

• Source Code: It is the fundamental set of programmed instructions that controls a smartphone’s operating system, hardware functions, and applications, enabling the device to run securely and efficiently. 
  • While parts of Android are open-source, manufacturers add proprietary modifications and hardware-specific adaptations.  
  • However, the source code is kept confidential because it protects commercial secrets and acts as a critical security barrier, preventing misuse and exploitation. 
• Limitations of Source Code Disclosure: Full source code disclosure is rare globally, except in limited defence contexts. 
  • Revealing internal code can increase vulnerability to cyberattacks and data breaches. 
  • Even global firms like Apple do not share full source code with governments. 
• Regulation of Source Code: No law mandates public disclosure of source code by private companies in India. 
  • Earlier telecom-related standards, including the Indian Telecom Security Assurance Requirements (ITSAR), 2023 issued by the National Centre for Communication Security (NCSS) under the Department of Telecommunications (DoT), which mentioned source code disclosure, were amended in 2025 to remove such provisions. 
  • Earlier, smartphones were covered under the Mandatory Testing and Certification of Telecommunication Equipment (MTCTE) framework, which stems from the Indian Telegraph (Amendment) Rules, 2017. 
    • However, after the Telecommunications Act, 2023, the DoT and MeitY removed smartphones from MTCTE, as they already undergo certification under standards set by the Bureau of Indian Standards (BIS). 
  • Policy oversight follows a consultative, non-intrusive approach, now any security review requires only internal test reports excluding intellectual property (IP). 
  • The framework balances cybersecurity, ease of doing business, and IP protection, in line with global practices.