Govt mandates SIM binding for apps to check online fraud

The Department of Telecommunications has directed over the top (OTT) communication apps, such as WhatsApp, Telegram, Snapchat, Signal, Arattai and others, to ensure SIM binding. This means the app will remain linked to the mobile number on a particular device. The move aims to check rising instances of frauds. According to officials, discussions with major service providers had been ongoing for months, but the growing misuse made immediate action unavoidable. Authorities noted that the ability to use an Indian mobile number on an app without the corresponding SIM physically present or active has posed a serious threat to the integrity of the telecom ecosystem.

To plug this vulnerability, the government has mandated strict compliance measures that app-based communication services must implement within 90 days. Apps must remain continuously linked to the specific SIM card associated with the mobile number used for login or service delivery. This means the service cannot function on any device unless the corresponding active SIM is present in that device. The move is expected to make it significantly harder for fraudsters operating from abroad to misuse Indian numbers.

For platforms offering a web-based interface, the government has directed that all web sessions must auto-logout periodically and strictly within six hours. Users will still be able to re-link their sessions, but only through a secure QR-code authentication. This step is designed to limit long-duration unauthorized access and keep tighter control over active login instances. The Telecommunication Cybersecurity Amendment Rules, 2025, issued by the Department of Telecommunications (DoT), require that every WhatsApp account remain linked to an active SIM card at all times. The move aims to curb online fraud, impersonation, and spam that have been rising sharply across digital platforms.

WhatsApp has now been classified as a Telecommunication Identifier User Entity (TIUE), a newly created category under Indian telecom law that extends regulatory oversight beyond traditional mobile operators. This means WhatsApp must now follow a set of cybersecurity and verification obligations, similar to those of telecom companies. If the SIM is removed, replaced, or deactivated, WhatsApp will stop functioning.

The government says these measures will make it easier to trace fraudulent communication. “The binding process between a subscriber’s app-based communication service and their SIM card occurs only once during installation, after which the app continues to function independently,” the Cellular Operators Association of India (COAI) said in a statement to MediaNama. “This creates opportunities for misuse,” it added, arguing that persistent SIM verification will close this loophole. The new rules could make the app slightly less convenient but potentially more secure. Those who rely on Wi-Fi-only tablets or frequently switch devices may face disruptions, as WhatsApp will require the SIM to stay physically present in the phone linked to the account.