reuters.com
www.reuters.com

I think that this would be great, since source code auditing would provide insight into anti-consumer additions like malicious backdoors, hidden spyware capabilities, unintended vulnerabilities, etc. However, this could be very bad if this passes and then escalates to mandatory source code modification at the request of a sovereign state. As always, there are possible pros and cons to this approach.

  • PierceTheBubble@lemmy.mlEnglish
    9·
    12 hours ago

    India proposes requiring smartphone makers to share source code with the government and make several software changes as part of a raft of security measures.

    How does that sound promising at all? Especially when initiated by a government, previously having attempted to enforce government spyware, to be installed on all consumer smartphones. The following excerpts are from India’s proposed phone security rules that are worrying tech firms

    Devices must store security audit logs, including app installations and login attempts, for 12 months.

    Phones must periodically scan for malware and identify potentially harmful applications.

    Defined to be potentially harmful by who? Right.

    Phone makers must notify a government organisation before releasing any major updates or security patches.

    We cannot approve of the security patch just yet, as we must first extensively exploit the vulnerability…

    Devices must detect if phones have been rooted or “jailbroken”, where users bypass built-in security restrictions, and display continuous warning banners to recommend corrective measures.

    Phones must permanently block installation of older software versions, even if officially signed by the manufacturer, to prevent security downgrades.

    • cryptix@discuss.tchncs.deEnglish
      5·
      5 hours ago

      Wait this is not what I understood from the heading. This looks like they want control , not transparency.