New Delhi: The Indian government has announced a new directive that could significantly change how millions use messaging apps like WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Arattai, and Josh. As per reports, the Department of Telecommunications (DoT) has instructed these platforms to ensure their services cannot be accessed unless the user has an active SIM card in their device.
This directive is part of the Telecommunication Cybersecurity Amendment Rules, 2025, which, for the first time, place app-based communication services under regulations similar to telecom operators. Under these rules, apps — now officially called Telecommunication Identifier User Entities (TIUEs) must keep a user’s SIM card linked to the app continuously within a 90-day period.
For users who prefer accessing these apps through web browsers, an added security step has been introduced. Platforms will now need to automatically log users out every six hours, requiring them to sign in again using a QR code. The DoT says this system will make it harder for criminals to misuse these services remotely, as every session must be tied to an active and verified SIM, as per the reports.
Add Zee News as a Preferred Source
Officials say the rule aims to close a major gap in how communication apps verify users. At present, most apps only verify a mobile number once — during installation. After that, the app continues working even if the SIM is removed or becomes inactive.
According to reports, the Cellular Operators Association of India (COAI) highlighted that this behaviour allows apps to function independently of SIM cards, which creates opportunities for misuse. Cybercriminals, including those operating from outside India, are known to exploit this loophole. Even after changing or deactivating SIM cards, they can continue using these apps, making it extremely difficult for authorities to trace fraud through call records, location logs, or telecom data.
The COAI said that making SIM binding mandatory would keep a reliable link between the user, the number, and the device, which could help reduce spam, fraud calls, and financial scams. Similar security checks already exist in other sectors. Banking and UPI apps require strict SIM verification to prevent unauthorised access, while SEBI has proposed linking SIM cards to trading accounts and using facial recognition for added security.
Experts, however, are divided on the issue. Some cybersecurity professionals told MediaNama that the move may have limited impact, as scammers can still use forged or borrowed IDs to get new SIM cards. On the other hand, telecom industry representatives argue that mobile numbers remain India’s strongest digital identity and believe the new rules could strengthen cybersecurity and accountability.
