{"id":82088,"date":"2026-01-12T11:05:38","date_gmt":"2026-01-12T05:35:38","guid":{"rendered":"https:\/\/vajiramandravi.com\/current-affairs\/?p=82088"},"modified":"2026-01-12T14:31:48","modified_gmt":"2026-01-12T09:01:48","slug":"indian-telecom-security-assurance-requirements-itsar-indias-proposed-smartphone-security-regime","status":"publish","type":"post","link":"https:\/\/vajiramandravi.com\/current-affairs\/indian-telecom-security-assurance-requirements-itsar-indias-proposed-smartphone-security-regime\/","title":{"rendered":"Indian Telecom Security Assurance Requirements (ITSAR) &#8211; India\u2019s Proposed Smartphone Security Regime"},"content":{"rendered":"<h2 style=\"text-align: justify;\"><b>ITSAR Latest News<\/b><\/h2>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The Union Government is considering legally enforcing Indian Telecom Security Assurance Requirements (ITSAR) for smartphones, involving 83 security standards, including <\/span><b>source code disclosure<\/b><span style=\"font-weight: 400;\">, software controls, and user-permission restrictions.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">This has triggered <\/span><b>strong resistance<\/b><span style=\"font-weight: 400;\"> from global smartphone makers like Apple (5% market share in India), Samsung (15%), Google, and Xiaomi (19%), who argue that many provisions lack global precedent and threaten proprietary technologies.<\/span><\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\"><b>Background<\/b><\/h2>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">India is the world\u2019s <\/span><b>second-largest<\/b><span style=\"font-weight: 400;\"> smartphone market with nearly 750 million users.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Rising online fraud<\/b><span style=\"font-weight: 400;\">, cybercrime, and data breaches have prompted the government to strengthen device-level security.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The proposals align with the Indian PM\u2019s broader push for digital security and data sovereignty.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Similar tensions have emerged earlier over mandatory cyber safety apps (later revoked), and stringent testing norms for security cameras due to national security concerns.<\/span><\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\"><b>Key Features of the Proposed Security Standards<\/b><\/h2>\n<ul>\n<li><b>Source code disclosure:<\/b>\n<ul>\n<li><span style=\"font-weight: 400;\">Manufacturers must submit proprietary source code for review and vulnerability analysis by government-designated labs.<\/span><\/li>\n<li><b>Objective<\/b><span style=\"font-weight: 400;\">: Detect backdoors and systemic vulnerabilities.<\/span><\/li>\n<li><b>Industry response:<\/b>\n<ul>\n<li><span style=\"font-weight: 400;\">The Manufacturers\u2019 Association for Information Technology (MAIT) calls it \u201cnot possible\u201d due to corporate secrecy and privacy norms.<\/span><\/li>\n<li><span style=\"font-weight: 400;\">No such requirement exists in the EU, North America, Australia, or Africa.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li><b>Background permission restrictions:<\/b>\n<ul>\n<li><span style=\"font-weight: 400;\">Apps cannot access camera, microphone, or location in the background. Mandatory continuous status-bar alerts when permissions are active.<\/span><\/li>\n<li><b>Concern<\/b><span style=\"font-weight: 400;\">: No global precedent or standardized testing method.<\/span><\/li>\n<\/ul>\n<\/li>\n<li><b>Permission review alerts:<\/b><span style=\"font-weight: 400;\"> Devices must periodically prompt users to review app permissions. Industry wants alerts limited to \u201chighly critical\u201d permissions to avoid user fatigue.<\/span><\/li>\n<li><b>One-year log retention:<\/b>\n<ul>\n<li><span style=\"font-weight: 400;\">Phones must store security audit logs (logins, app installs) for 12 months.<\/span><\/li>\n<li><b>Industry concern: <\/b><span style=\"font-weight: 400;\">Consumer devices lack sufficient storage capacity.<\/span><\/li>\n<\/ul>\n<\/li>\n<li><b>Periodic malware scanning:<\/b><span style=\"font-weight: 400;\"> Mandatory automatic malware scans. <\/span><b>Concerns<\/b><span style=\"font-weight: 400;\">: Battery drain, slower device performance, etc.<\/span><\/li>\n<li><b>Removal of pre-installed apps: <\/b><span style=\"font-weight: 400;\">All non-essential pre-installed apps must be removable. Companies argue many apps are integral system components.<\/span><\/li>\n<li><b>Mandatory notification of software updates:<\/b>\n<ul>\n<li><span style=\"font-weight: 400;\">Manufacturers must inform the National Centre for Communication Security before releasing major updates or patches.<\/span><\/li>\n<li><b>Industry view:<\/b><span style=\"font-weight: 400;\"> This will be impractical during zero-day vulnerabilities. Delays may increase user exposure to active cyber threats.<\/span><\/li>\n<\/ul>\n<\/li>\n<li><b>Tamper detection (Rooting\/Jailbreaking): <\/b><span style=\"font-weight: 400;\">Devices must detect tampering and show persistent warnings. <\/span><b>Industry response: <\/b><span style=\"font-weight: 400;\">No reliable universal detection mechanism exists.<\/span><\/li>\n<li><b>Anti-rollback protection:<\/b><span style=\"font-weight: 400;\"> Blocking installation of older software versions, even if manufacturer-signed. <\/span><\/li>\n<li><b>Concern<\/b><span style=\"font-weight: 400;\">: No global standard; may restrict legitimate use cases.<\/span><\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\"><b>Key Challenges and Way Ahead<\/b><\/h2>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Data Security vs proprietary rights<\/b><span style=\"font-weight: 400;\">: Risk of exposing trade secrets. Risk-based regulation focusing on critical vulnerabilities rather than blanket controls.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Lack of global precedent<\/b><span style=\"font-weight: 400;\">: Potential regulatory overreach. Adopt global best practices aligned with <strong><a href=\"https:\/\/vajiramandravi.com\/current-affairs\/about-organisation-for-economic-co-operation-and-development-oecd\/\" target=\"_blank\">OECD<\/a><\/strong> and EU cybersecurity norms.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Ease of doing business<\/b><span style=\"font-weight: 400;\">: Compliance costs may deter investment. Ensure time-bound clearance mechanisms for security updates. Strengthen user-level security <\/span><b>awareness <\/b><span style=\"font-weight: 400;\">alongside device-level controls.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Operational practicality<\/b><span style=\"font-weight: 400;\">: Update delays, battery drain, storage constraints. Explore independent third-party audits instead of direct source code disclosure.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Innovation chill<\/b><span style=\"font-weight: 400;\">: Excessive regulation may impact R&amp;D. Maintain a balance between national security, privacy, and innovation.<\/span><\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\"><b>Conclusion<\/b><\/h2>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">India\u2019s proposed smartphone security framework (ITSAR) reflects legitimate concerns over cybersecurity, data protection, and national security in a rapidly digitising economy.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">However, enforcing intrusive measures like source code disclosure without global precedent risks undermining innovation, trust, and market competitiveness.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">A <\/span><b>consultative, proportionate<\/b><span style=\"font-weight: 400;\">, and globally harmonised approach is essential to safeguard users while preserving India\u2019s attractiveness as a major digital and manufacturing hub.<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><b>Source: <\/b><a href=\"https:\/\/www.thehindu.com\/news\/national\/india-proposes-forcing-smartphone-makers-to-give-source-code-in-security-overhaul\/article70497338.ece\" target=\"_blank\" rel=\"nofollow noopener\"><b>TH<\/b><\/a>\u00a0<b>| <\/b><a href=\"https:\/\/economictimes.indiatimes.com\/industry\/cons-products\/electronics\/indias-proposed-phone-security-rules-that-are-worrying-tech-firms-apple-google-samsung-xiaomi\/articleshow\/126463346.cms?from=mdr\" target=\"_blank\" rel=\"nofollow noopener\"><b>ET<\/b><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Union Government is considering legally enforcing Indian Telecom Security Assurance Requirements (ITSAR) for smartphones, including source code disclosure.<\/p>\n","protected":false},"author":19,"featured_media":82114,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[18],"tags":[4695,60,22,59],"class_list":{"0":"post-82088","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-upsc-mains-current-affairs","8":"tag-itsar","9":"tag-mains-articles","10":"tag-upsc-current-affairs","11":"tag-upsc-mains-current-affairs","12":"no-featured-image-padding"},"acf":[],"_links":{"self":[{"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/posts\/82088","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/comments?post=82088"}],"version-history":[{"count":0,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/posts\/82088\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/media\/82114"}],"wp:attachment":[{"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/media?parent=82088"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/categories?post=82088"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/tags?post=82088"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}