* Manufacturers must test and provide proprietary source code for review by government-designated labs to identify vulnerabilities in phone operating systems that could be exploited by attackers
* Industry group MAIT, which represents Apple, South Korea's Samsung, Google, China's Xiaomi, has told the government this is "not possible" due to corporate secrecy and global privacy policies
BACKGROUND PERMISSION RESTRICTIONS
* Apps cannot access cameras, microphones or location services in the background when phones are inactive - continuous status bar notifications are required when these permissions are active
* Manufacturers say this lacks any global precedent and there is no specific test method prescribed
PERMISSION REVIEW ALERTS
* Devices must periodically display warnings prompting users to review all app permissions, with continuous notifications
* Companies say notice should be limited to "highly critical" permissions
ONE-YEAR LOG RETENTION
* Devices must store security audit logs, including app installations and login attempts, for 12 months
* MAIT argues consumer phones lack the storage capacity for a year of data
PERIODIC MALWARE SCANNING
* Phones must periodically scan for malware and identify potentially harmful applications
* Manufacturers warn that constant on-device scanning significantly drains the battery and slows hardware performance
OPTION TO REMOVE PRE-INSTALLED APPS
* All pre-installed apps bundled with the phone operating system, except those essential for basic phone functions, must be deletable
* Companies argue many apps are critical system components that cannot be removed
INFORMING GOVERNMENT OF MAJOR UPDATES
* Phone makers must notify a government organisation before releasing any major updates or security patches.
* Manufacturers argue this is "impractical" because security fixes must be released quickly to protect users from active exploits, while government delays could leave users vulnerable
TAMPER-DETECTION WARNINGS
* Devices must detect if phones have been rooted or "jailbroken", where users bypass built-in security restrictions, and display continuous warning banners to recommend corrective measures
* Companies say there is no reliable mechanism to detect jailbreaking
ANTI-ROLLBACK PROTECTION
* Phones must permanently block installation of older software versions, even if officially signed by the manufacturer, to prevent security downgrades
* There is no global standard related to this requirement, manufacturers say
17°C