Security updates for Android phones and iPhones could soon encounter an extra layer of oversight in India, potentially slowing how fast fixes reach users. A new proposal under discussion would require smartphone manufacturers to alert a government security authority before rolling out major software updates or critical security patches. Industry groups warn that even a short delay could matter when vulnerabilities are actively being exploited.
According to a report from Reuters, India is reviewing draft standards that would introduce a formal notification step ahead of major system updates. The idea may sound administrative on paper, but timing is everything in cybersecurity. When a flaw is discovered in the wild, days or even hours can make a difference between devices staying secure or being left exposed.
A new notice before updates roll out
At the center of the proposal is a requirement for phone makers to notify the National Centre for Communication Security before releasing significant software updates or security patches. In addition to the notice, the framework also allows for testing linked to those releases. This is where companies say the process could become complicated.
Modern security responses rarely happen in one clean update. Manufacturers often push an initial patch to close the most urgent gap, followed by smaller updates that reinforce protections and address secondary issues. Any system that encourages bundling fixes together or waiting for broader releases could disrupt that rhythm.
For users, this could mean longer windows where known vulnerabilities remain unpatched, even if a fix is technically ready to ship.
Why phone makers are uneasy
The notification requirement is only one part of a broader security package under review. The same draft standards include proposals for periodic malware scanning on devices and a requirement to store security audit logs locally for up to 12 months.
Phone manufacturers argue that always-on malware scanning could affect battery life and system performance, especially on budget devices with limited hardware resources. Long-term log storage also raises concerns about storage capacity, particularly for phones with lower internal memory.
Other elements of the proposal include safeguards designed to prevent users from installing older software versions and persistent warnings on rooted or jailbroken devices. While these measures aim to improve overall security, manufacturers say some requirements could be difficult to test and enforce consistently across millions of devices.
There has also been debate around whether India is seeking access to smartphone source code as part of the broader security overhaul. India’s IT ministry has publicly rejected claims that it wants direct access to source code, stating that consultations are ongoing and that misinformation has fueled some of the concern.
What this could mean for Android and iPhone users
If the standards become legally enforceable, the real-world impact will depend on how the notification process is implemented. A lightweight heads-up system may have little effect on update timelines. A more involved approval or testing process could slow the delivery of urgent fixes.
For users of Android and iPhone devices, the immediate advice remains unchanged. Keeping automatic updates enabled and installing security patches as soon as they become available is still the most effective way to stay protected.
The draft standards were first developed in 2023 and are now back under discussion as India considers formal enforcement. Until the final shape of the rules is clear, manufacturers and regulators remain locked in talks over how to balance national security goals with the need for rapid vulnerability response.
As those discussions continue, the key question is whether the proposed checks will remain procedural or turn into a bottleneck that delays critical security updates when they are needed most.
