--- layout: default title: "India's Aadhaar Mandate for Smartphone Makers May Rile Global Firms" description: "A Business Standard report by Alnoor Peermohamed on India's request for global smartphone makers to adopt locally designed biometric standards for Aadhaar authentication, featuring commentary from Sunil Abraham on technical feasibility and security concerns." categories: [Media mentions] date: 2016-09-14 authors: ["Alnoor Peermohamed"] source: "Business Standard" permalink: /media/aadhaar-mandate-smartphone-makers-business-standard/ created: 2026-01-08 --- **India's Aadhaar Mandate for Smartphone Makers May Rile Global Firms** is a *Business Standard* article published on 14 September 2016 by Alnoor Peermohamed. The report examines India's proposal that global smartphone manufacturers such as Apple and Google adopt locally designed standards enabling biometric scanner use for Aadhaar authentication. The article features analysis from Sunil Abraham, then Executive Director of the Centre for Internet and Society, alongside UIDAI Director General Ajay Bhushan Pandey, discussing technical challenges, security requirements, and the likelihood of industry compliance. ## Contents 1. [Article Details](#article-details) 2. [Full Text](#full-text) 3. [Context and Background](#context-and-background) 4. [External Link](#external-link) ## Article Details
đź“° Published in:
Business Standard
đź“… Date:
14 September 2016
👤 Authors:
Alnoor Peermohamed
đź“„ Type:
News Report
đź“° Article Link:
Read Online
## Full Text
A woman undergoing Aadhaar biometric enrolment using a fingerprint scanner at a registration centre in India.
File photo of Aadhaar biometric enrolment being carried out at a registration centre.

India is asking global smartphone makers such as Apple and Google to adopt locally designed standards on their devices or operating systems that would allow use of biometric scanners for Aadhaar authentication, a move that could face resistance from global firms.

Apple, the world's largest smartphone maker, runs its own iOS closed ecosystem and mandates apps built by developers to be certified by the company. Its closest rival Google, which owns the Android operating software that runs on nine out of ten smartphones in India, has directives for device makers to comply with. Firms such as Samsung, Lenovo and Micromax build smartphones on the Android OS that are sold in India.

Most global companies are unlikely to oblige India's request that would require to make changes in their operating system and devices to ensure Aadhaar authentication is done securely on smartphones, say analysts.

"There is no clarity so far. As of now, it is impossible that they (global smartphone makers) would oblige for a hardware safe zone baked on the sensors," says Sunil Abraham, executive director at Centre for Internet and Society, a Bengaluru-based researcher that works on emerging technologies. "Because the biometrics contain sensitive personal information, they (UIDAI) don't want anybody — mobile manufacturer, OS vendor, telco or ISP — to intercept it."

India is hoping that global firms would accept the country's plea considering that most of India's population use a mobile phone as their only computing device and need them to authenticate on Aadhaar for using government and banking services.

"Right now we're in consultation with all these device manufacturers as well as the operating system vendors," said Ajay Bhushan Pandey, Director General of the Unique Identification Authority of India (UIDAI) in a phone interview. "Basically we're trying to evolve our system wherein a manufacturer or the devices where those operating systems are being used will have a facility where Aadhaar authentication can be made possible in a secure manner."

India has over 105 crore people or 98% of adult population with Aadhaar. Most government and private organisations use Aadhaar authentication to issue services or products such as opening a bank account, getting a ration card or buying a mobile connection.

Reliance plans to reduce paperwork and issue connections in less than an hour using Aadhaar and try to get its 100 million target market sooner.

Over a fifth of India's one billion users own smartphones and as the country sees better mobile internet access, more people are expected to upgrade to smartphones and use apps to access their banks to transfer funds, do online shopping and access government services.

{% include back-to-top.html %} ## Context and Background This article appeared during a period when UIDAI was rapidly expanding Aadhaar authentication use cases whilst confronting technical limitations of existing mobile infrastructure. By September 2016, Aadhaar enrolment had achieved near-universal adult coverage, but authentication mechanisms remained constrained by security requirements that clashed with commercial smartphone ecosystems. UIDAI's request for hardware-level secure zones reflected concerns about biometric data interception during transmission from device sensors to authentication servers. The technical challenge Abraham identified centred on trusted execution environments and secure enclaves—hardware-isolated portions of processors designed to protect sensitive operations from compromise by operating systems or applications. Apple's iOS devices incorporated such features through the Secure Enclave, whilst Android's ecosystem varied widely, with only premium devices from manufacturers like Samsung implementing comparable hardware security modules. UIDAI's demand for standardised secure biometric capture across all price segments posed economic and technical barriers that global manufacturers had little incentive to accommodate for a single market. India's position as a massive smartphone market—projected to exceed 300 million users by 2017—gave the government leverage in negotiations with platform providers. However, this leverage remained limited by the fact that India-specific hardware modifications would fragment supply chains, increase manufacturing costs, and create maintenance burdens for security updates. Apple's historical resistance to country-specific backdoors and Google's challenges in enforcing uniform Android standards suggested that voluntary compliance was unlikely without regulatory mandates or market access restrictions. The article's publication coincided with growing tensions between UIDAI and technology companies over authentication standards. In August 2016, UIDAI had released specifications for registered device providers, requiring biometric capture devices to meet security and quality standards. Extending these requirements to consumer smartphones—devices not purpose-built for government authentication—represented a significant escalation that blurred boundaries between personal computing devices and state infrastructure. Pandey's description of "consultations" with device manufacturers and operating system vendors indicated that formal standardisation processes had not yet commenced. International standards-setting bodies like the FIDO Alliance had developed protocols for secure biometric authentication, but these focused on local verification rather than remote authentication against centralised databases—UIDAI's specific requirement. Adapting existing standards or creating India-specific protocols would require sustained technical engagement and willingness from manufacturers to prioritise Indian market requirements. The reference to Reliance's ambitions illustrated how Aadhaar integration had become central to commercial strategies in telecommunications and financial services. Reliance Jio's impending launch in September 2016 aimed to rapidly acquire subscribers through paperless, Aadhaar-based e-KYC processes, reducing onboarding friction from days to minutes. This business model depended on accessible biometric authentication, creating private sector pressure that complemented government demands for smartphone ecosystem changes. Abraham's scepticism about manufacturer compliance proved prescient. Subsequent years saw UIDAI adapt its approach through software-based solutions and certified authentication applications rather than achieving the hardware-level secure zones initially envisaged. The tension between national regulatory authority over digital identity infrastructure and global platform providers' control over device architectures remained unresolved, foreshadowing ongoing debates about digital sovereignty and technology governance. ## External Link - [Read on Business Standard](https://www.business-standard.com/article/economy-policy/india-s-aadhaar-mandate-for-smartphone-makers-may-rile-global-firms-116091401083_1.html)