Key Takeaways
- WhatsApp, Telegram, Signal and other messaging apps may soon require active SIM cards to function
- Users must link their SIM to the app within 90 days under new cybersecurity rules
- Web versions will log out automatically every 6 hours for added security
- Government aims to prevent misuse by criminals and improve traceability
The Indian government has issued a major directive that could fundamentally change how millions use popular messaging apps like WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Arattai, and Josh. According to new Telecommunication Cybersecurity Amendment Rules, 2025, these platforms must ensure their services cannot function without an active SIM card in the user’s device.
New SIM Linking Requirements
The Department of Telecommunications (DoT) has mandated that apps – officially termed Telecommunication Identifier User Entities (TIUEs) – must ensure users’ SIM cards remain continuously linked to the app within 90 days. This brings app-based communication services under telecom-style regulation for the first time.
For web browser users, the government has added another security layer: apps will automatically log users out every six hours and require fresh login via QR code.
Closing Security Gaps
The DoT states this system will make it harder for criminals to misuse services remotely, as every session must be tied to an active, verified SIM. Officials explain the rule addresses a major gap in current verification methods where most apps only check mobile numbers during installation.
Currently, apps continue working even after SIM removal or deactivation. The Cellular Operators Association of India (COAI) highlighted this allows apps to function independently of SIM cards, creating misuse opportunities.
Combating Cybercrime
Cybercriminals, including those operating from outside India, exploit this loophole by continuing to use apps even after changing or deactivating SIM cards. This makes it extremely difficult for authorities to trace fraud through call records, location logs, or telecom data.
COAI believes mandatory SIM binding would maintain a reliable link between user, number, and device, potentially reducing spam, fraud calls, and financial scams.
Industry Perspectives
Similar security checks exist in banking and UPI apps requiring strict SIM verification, while SEBI has proposed linking SIM cards to trading accounts with facial recognition.
However, experts remain divided. Some cybersecurity professionals told MediaNama the move may have limited impact as scammers can still use forged or borrowed IDs for new SIM cards. Telecom industry representatives counter that mobile numbers remain India’s strongest digital identity and believe the new rules could strengthen cybersecurity and accountability.
