India May Want iOS’s Source Code
Apple and other smartphone manufacturers are resisting an Indian government proposal that would require them to hand over source code for security review, reports Reuters.
[…]
Apple, Google, Samsung, Xiaomi, and industry group MAIT have all reportedly objected, citing a lack of global precedent and concerns about revealing proprietary details.
[…]
The country’s IT ministry also said it “refutes the statement” that it is considering seeking source code from smartphone makers, despite the requirement appearing in the government documents reviewed by Reuters.
India has had similar fights with big tech companies in the past, and nearly always backed down.
Last December India’s Department of Telecommunications demanded that smartphone makers pre-install government apps on all handsets. Civil rights groups and tech industry lobbies both opposed the measure, leading India’s government to first water down the proposal and then abandon it in less than a week.
In 2022, India introduced a directive requiring organizations operating locally to disclose any cybersecurity incidents within six hours of detection, and framed it so cloud operators would have to report on activities conducted by their tenants. Vendors and tech lobby groups pushed back, India’s government eased the requirement, and has scarcely mentioned it since the 2023 revelation that compliance with the law was very low.
2 Comments
I would be interested to see some experienced developers comment on this. How much of a risk is a third party reading the source code? I know inviting someone else to read what was supposed to be private code is a bit like a stranger taking a good look around your house, but from a technical perspective, what could they actually do with this that they can’t do now?
For example, presumably organizations like NSA, FSB, Israel’s equivalent, etc. don’t have access to the source code, but that doesn’t seem to stop them. People with far fewer resources than that find vulnerabilities all the time.
If it’s read only and they aren’t trying to insert back doors, what is the goal here? What could they possibly hope to achieve by this, both ostensibly and actually?
The issue is that whatever source code they have would get leaked. If even the NSA can get hacked then most government entities can’t be trusted with proprietary source code. No offense to anyone.