Indian Telecom Security Assurance Requirements (ITSAR) - India’s Proposed Smartphone Security Regime

Q: What is the rationale behind India’s proposal to mandate source code disclosure by smartphone manufacturers?

To enhance national cybersecurity and data sovereignty by identifying vulnerabilities and preventing exploitation.

Q: Why have global smartphone manufacturers opposed India’s proposed ITSAR?

They argue that measures like source code review, malware scanning are operationally impractical.

Q: How do India’s proposed smartphone security norms raise concerns related to Ease of Doing Business?

Mandatory disclosures, compliance costs, may discourage investment and innovation in India’s digital ecosystem.

Q: What is the significance of background permission restrictions in the proposed smartphone security framework?

They aim to protect user privacy by preventing unauthorised background access to location services, thereby reducing cyber misuse.

Q: How can India address cybersecurity concerns without hampering technological innovation?

India should adopt a risk-based, consultative, and globally aligned cybersecurity framework.

Table of Contents☰

ITSAR Latest News

The Union Government is considering legally enforcing Indian Telecom Security Assurance Requirements (ITSAR) for smartphones, involving 83 security standards, including source code disclosure, software controls, and user-permission restrictions.
This has triggered strong resistance from global smartphone makers like Apple (5% market share in India), Samsung (15%), Google, and Xiaomi (19%), who argue that many provisions lack global precedent and threaten proprietary technologies.

Background

India is the world’s second-largest smartphone market with nearly 750 million users.
Rising online fraud, cybercrime, and data breaches have prompted the government to strengthen device-level security.
The proposals align with the Indian PM’s broader push for digital security and data sovereignty.
Similar tensions have emerged earlier over mandatory cyber safety apps (later revoked), and stringent testing norms for security cameras due to national security concerns.

Key Features of the Proposed Security Standards

Source code disclosure:
- Manufacturers must submit proprietary source code for review and vulnerability analysis by government-designated labs.
- Objective: Detect backdoors and systemic vulnerabilities.
- Industry response:
  - The Manufacturers’ Association for Information Technology (MAIT) calls it “not possible” due to corporate secrecy and privacy norms.
  - No such requirement exists in the EU, North America, Australia, or Africa.
Background permission restrictions:
- Apps cannot access camera, microphone, or location in the background. Mandatory continuous status-bar alerts when permissions are active.
- Concern: No global precedent or standardized testing method.
Permission review alerts: Devices must periodically prompt users to review app permissions. Industry wants alerts limited to “highly critical” permissions to avoid user fatigue.
One-year log retention:
- Phones must store security audit logs (logins, app installs) for 12 months.
- Industry concern: Consumer devices lack sufficient storage capacity.
Periodic malware scanning: Mandatory automatic malware scans. Concerns: Battery drain, slower device performance, etc.
Removal of pre-installed apps: All non-essential pre-installed apps must be removable. Companies argue many apps are integral system components.
Mandatory notification of software updates:
- Manufacturers must inform the National Centre for Communication Security before releasing major updates or patches.
- Industry view: This will be impractical during zero-day vulnerabilities. Delays may increase user exposure to active cyber threats.
Tamper detection (Rooting/Jailbreaking): Devices must detect tampering and show persistent warnings. Industry response: No reliable universal detection mechanism exists.
Anti-rollback protection: Blocking installation of older software versions, even if manufacturer-signed.
Concern: No global standard; may restrict legitimate use cases.

Key Challenges and Way Ahead

Data Security vs proprietary rights: Risk of exposing trade secrets. Risk-based regulation focusing on critical vulnerabilities rather than blanket controls.
Lack of global precedent: Potential regulatory overreach. Adopt global best practices aligned with OECD and EU cybersecurity norms.
Ease of doing business: Compliance costs may deter investment. Ensure time-bound clearance mechanisms for security updates. Strengthen user-level security awareness alongside device-level controls.
Operational practicality: Update delays, battery drain, storage constraints. Explore independent third-party audits instead of direct source code disclosure.
Innovation chill: Excessive regulation may impact R&D. Maintain a balance between national security, privacy, and innovation.

Conclusion

India’s proposed smartphone security framework (ITSAR) reflects legitimate concerns over cybersecurity, data protection, and national security in a rapidly digitising economy.
However, enforcing intrusive measures like source code disclosure without global precedent risks undermining innovation, trust, and market competitiveness.
A consultative, proportionate, and globally harmonised approach is essential to safeguard users while preserving India’s attractiveness as a major digital and manufacturing hub.

Source: TH | ET

Latest UPSC Exam 2026 Updates

Last updated on January, 2026

→ Check out the latest UPSC Syllabus 2026 here.

→ Join Vajiram & Ravi’s Interview Guidance Programme for expert help to crack your final UPSC stage.

→ UPSC Mains Result 2025 is now out.

→ UPSC Notification 2026 is scheduled to be released on January 14, 2026.

→ UPSC Calendar 2026 has been released.

→ UPSC Prelims 2026 will be conducted on 24th May, 2026 & UPSC Mains 2026 will be conducted on 21st August 2026.

→ The UPSC Selection Process is of 3 stages-Prelims, Mains and Interview.

→ Prepare effectively with Vajiram & Ravi’s UPSC Prelims Test Series 2026 featuring full-length mock tests, detailed solutions, and performance analysis.

→ Enroll in Vajiram & Ravi’s UPSC Mains Test Series 2026 for structured answer writing practice, expert evaluation, and exam-oriented feedback.

→ Join Vajiram & Ravi’s Best UPSC Mentorship Program for personalized guidance, strategy planning, and one-to-one support from experienced mentors.

→ UPSC Result 2024 is released with latest UPSC Marksheet 2024. Check Now!

→ UPSC Toppers List 2024 is released now. Shakti Dubey is UPSC AIR 1 2024 Topper.

→ Also check Best UPSC Coaching in India

ITSAR FAQs

Q1. What is the rationale behind India’s proposal to mandate source code disclosure by smartphone manufacturers?+

Q2. Why have global smartphone manufacturers opposed India’s proposed ITSAR?+

Q3. How do India’s proposed smartphone security norms raise concerns related to Ease of Doing Business?+

Q4. What is the significance of background permission restrictions in the proposed smartphone security framework?+

Q5. How can India address cybersecurity concerns without hampering technological innovation?+

Tags: itsar mains articles upsc current affairs upsc mains current affairs

Vajiram Mains Team

At Vajiram & Ravi, our team includes subject experts who have appeared for the UPSC Mains and the Interview stage. With their deep understanding of the exam, they create content that is clear, to the point, reliable, and helpful for aspirants.Their aim is to make even difficult topics easy to understand and directly useful for your UPSC preparation—whether it’s for Current Affairs, General Studies, or Optional subjects. Every note, article, or test is designed to save your time and boost your performance.