Overview
- Following the transfer of device‑security discussions from the telecom department to the IT ministry, officials said there is no proposal to force smartphone makers to share proprietary source code and described the talks as routine consultations.
- Industry body MAIT said an NCCS office memorandum dated June 18, 2025 superseded earlier ITSAR language and removed any mandate for source‑code disclosure.
- Public NCCS papers from 2023 did state that source code "shall be made available" for review, but The Hindu reports the amended text now seeks internal test reports excluding IP, with summaries of vulnerabilities by risk.
- The Internet Freedom Foundation challenged the denials and urged the government to publish current drafts and meeting minutes for transparent scrutiny.
- Reuters also reported other proposals under discussion, including advance notice and potential lab testing of major updates, on‑device audit logs, regular malware scans, and persistent permission notifications, which analysts warn could raise costs and heighten IP risks.