Apple is fighting many elements of a list of 83 security requirements proposed by the Indian government. This reportedly includes a requirement to hand over iOS source code.
Reuters reports the government saying that it must be able to review the source code of all smartphones in order to allow vulnerabilities to identified …
In a pair of related pieces, Reuters cites four sources as well as its own review of government documents.
India proposes requiring smartphone makers to share source code with the government and make several software changes as part of a raft of security measures, prompting behind-the-scenes opposition from giants like Apple and Samsung […] “Source code disclosure: Manufacturers must test and provide proprietary source code for review by government-designated labs to identify vulnerabilities in phone operating systems that could be exploited by attackers.” Industry group MAIT, which represents Apple, Samsung, Google, and Xiaomi, has told the government this is “not possible” due to corporate secrecy and global privacy policies.
In addition to commercial confidentiality, making iOS source code available creates very obvious security risks. It would inevitably leak if made available outside of Apple, allowing hackers to seek out vulnerabilities.
MAIT has also objected to a number of other requirements, including informing the Indian government ahead of any major updates or security patches. This would obviously be counterproductive by delaying their release.
The government has said that these are merely proposals and it was currently engaged in consultations with tech giants.
There is some confusion on the source code disclosure proposal, since Reuters apparently quotes from a government document while the IT ministry (kind of) denies it.
The IT ministry added it “refutes the statement” that it is considering seeking source code from smartphone makers, without elaborating or commenting on the government or industry documents cited by Reuters.
Apple previously refused a demand by the Chinese government for its source code, and similarly refused to create a backdoor into iOS for the FBI.
... continue reading