I think that this would be great, since source code auditing would provide insight into anti-consumer additions like malicious backdoors, hidden spyware capabilities, unintended vulnerabilities, etc. However, this could be very bad if this passes and then escalates to mandatory source code modification at the request of a sovereign state. As always, there are possible pros and cons to this approach.
India proposes requiring smartphone makers to share source code with the government and make several software changes as part of a raft of security measures.
How does that sound promising at all? Especially when initiated by a government, previously having attempted to enforce government spyware, to be installed on all consumer smartphones. The following excerpts are from India’s proposed phone security rules that are worrying tech firms
Devices must store security audit logs, including app installations and login attempts, for 12 months.
Phones must periodically scan for malware and identify potentially harmful applications.
Defined to be potentially harmful by who? Right.
Phone makers must notify a government organisation before releasing any major updates or security patches.
We cannot approve of the security patch just yet, as we must first extensively exploit the vulnerability…
Devices must detect if phones have been rooted or “jailbroken”, where users bypass built-in security restrictions, and display continuous warning banners to recommend corrective measures.
Phones must permanently block installation of older software versions, even if officially signed by the manufacturer, to prevent security downgrades.
Wait this is not what I understood from the heading. This looks like they want control , not transparency.
India proposes requiring smartphone makers to share source code with the government
Before anyone gets their hopes up that India is pushing for open source software.
