A MONTH after the Central government found itself embroiled in a controversy over the alleged mandatory installation of the Sanchar Saathi app on smartphones, another technology-related concern has cropped up. Reports that authorities may ask smartphone manufacturers to reveal their phones’ source code have triggered unease among users, privacy advocates and tech companies. While the government has categorically denied making any such demand, the idea itself raises larger questions about how far state oversight can go and what such a move could mean for user privacy in an increasingly digital society.
What exactly is source code?
Everything your smartphone does, from unlocking your screen to sending a WhatsApp message, follows instructions written by engineers in programming languages such as C++, Java or Kotlin. This human-readable set of instructions is called source code.
When you tap an app icon, your phone doesn’t directly “understand” the source code. The code is first converted into machine language (a process called compilation), which the phone’s processor can execute. So, source code is essentially the blueprint of software. It explains how a programme works, not just what it does.
Simply put, source code is like an architectural drawing. Without it, you can only see the building, but not the design, materials or logic that hold it together.
How Android and iOS differ?
Android is an open source operating system, meaning its core code is publicly available. But smartphone makers use this base to build their own customised and secure systems, such as Samsung’s One UI and Xiaomi’s HyperOS.
Apple’s iOS code stays closed-source, hidden to protect innovations and security.
What’s in it for govts?
Governments usually cite three broad reasons:
National security: Authorities worry that hidden backdoors or malicious code could allow foreign surveillance or cyberattacks, especially in devices used by officials or critical infrastructure.
Law enforcement and regulation: Access to source code can help regulators understand whether devices comply with local laws covering encryption, data storage or lawful interception.
Trust and transparency: In theory, reviewing source code can ensure that companies are not secretly harvesting data or violating privacy laws.
This is why similar debates have emerged globally, not just in India.
The global practice
There is no universal rule. In China, foreign tech firms often face strict regulatory scrutiny, including security audits. In the European Union, regulators rarely demand full source code, but they do require audits, documentation and compliance with data protection laws. In the US, companies fiercely protect source code as intellectual property, though they may share limited access under court orders or national security reviews.
Most governments rely on independent audits, certifications or controlled inspections, not unhindered access to all source code.
Why companies resist sharing it
For smartphone makers like Apple, Google and Samsung, source code is among their most valuable assets. Handing it over raises several concerns:
Intellectual property risk: Source code reveals trade secrets built over years after spending billions of dollars.
Security issues: More access can sometimes mean more vulnerability. If the sensitive code leaks, hackers gain a roadmap to exploit weaknesses.
Global precedent: If one government demands it, others may follow, fragmenting the global tech ecosystems.
This is why companies usually prefer third-party audits over direct disclosure.
Issue of user privacy
Best-case scenario: If source code is reviewed under strict safeguards by independent experts, it could actually strengthen privacy by ensuring that no hidden data collection or spyware exists.
Worst-case scenario: If governments gain unchecked or opaque access, it could weaken encryption standards or enable broader surveillance. Even the possibility of such access can erode trust, especially among journalists, activists and businesses handling sensitive data.
Importantly, source code access does not automatically mean access to user data. But it can influence how future software behaves, which is why the stakes are high.
Where does this leave users?
For now, the government has denied making any such demand. But the debate reflects a larger global tension over sovereignty versus privacy and regulation versus innovation. The key question isn’t simply whether governments should look under the hood, but how much and under what safeguards. As technology grows more powerful, that balance will only become harder to strike.
