I think that this would be great, since source code auditing would provide insight into anti-consumer additions like malicious backdoors, hidden spyware capabilities, unintended vulnerabilities, etc. However, this could be very bad if this passes and then escalates to mandatory source code modification at the request of a sovereign state. As always, there are possible pros and cons to this approach.
India proposes requiring smartphone makers to share source code with the government and make several software changes as part of a raft of security measures.
How does that sound promising at all? Especially when initiated by a government, previously having attempted to enforce government spyware, to be installed on all consumer smartphones. The following excerpts are from India’s proposed phone security rules that are worrying tech firms
Devices must store security audit logs, including app installations and login attempts, for 12 months.
Phones must periodically scan for malware and identify potentially harmful applications.
Defined to be potentially harmful by who? Right.
Phone makers must notify a government organisation before releasing any major updates or security patches.
We cannot approve of the security patch just yet, as we must first extensively exploit the vulnerability…
Devices must detect if phones have been rooted or “jailbroken”, where users bypass built-in security restrictions, and display continuous warning banners to recommend corrective measures.
Phones must permanently block installation of older software versions, even if officially signed by the manufacturer, to prevent security downgrades.
India proposes requiring smartphone makers to share source code with the government
Before anyone gets their hopes up that India is pushing for open source software.
Man, if this was about open-sourcing, it might have seriously improved security…
Hmm, doubt it’s for security. Seems more likely they’re looking for backdoors in order to spy on users. There are far too many governments desperate to backdoor encryption and messaging apps to trust any government’s stated intent when it comes to technology
100%.
Whats even the point theirs plenty of engineers in the country with source code access? Maybe the Chinese ones don’t hire in India so its aimed towards them.
I want a government thats requires mandatory AGPL for most classes of software.
lol good luck. Apple already told you to pound sand when you demanded to install state run apps, and now you think you’re getting the source code?
