In a bid to tighten defenses against cyber fraud, India’s government has rolled out mandates requiring messaging platforms like WhatsApp, Telegram, Signal, and Snapchat to overhaul their access protocols. Starting in about 90 days, users will encounter enforced logouts on desktop and web versions every six hours, necessitating fresh authentication via QR codes. On mobile devices, access will be locked to the specific SIM card linked to the initial account setup, blocking logins without it.
The Department of Telecommunications (DoT) announced these directives on November 21, targeting vulnerabilities that fraudsters have exploited to perpetrate scams, often from overseas. Under the current system, apps tied to mobile numbers for user verification permit operation without the associated SIM present in the device—a loophole that has enabled unauthorized access and threats to the nation’s telecom security framework.
“Some app-based communication services that utilize mobile numbers for identification of customers or for provisioning services allow users to consume their services without the underlying Subscriber Identity Module (SIM) within the device,” the DoT stated in its order. This gap, it noted, has been weaponized by cybercriminals abroad to conduct frauds, undermining the integrity of telecommunication identifiers.
To address this, the rules stipulate that from 90 days after issuance, mobile app services must remain continuously bound to the SIM card tied to the user’s registered mobile number. Without that active SIM installed, the app will not function. For web-based instances on computers, sessions must automatically expire no later than every six hours, with re-linking available only through QR code scanning.
ALSO READ : WhatsApp Testing Cross-Platform Messaging Feature for EU Users: Here’s What It Means
Non-compliant companies risk penalties under the Telecommunications Act, 2023, the Telecom Cyber Security Rules, 2024 (as amended), and related regulations. The DoT has required service providers to submit compliance reports within 120 days.
These measures aim to fortify the telecom ecosystem’s security, ensuring that app usage stays anchored to verified identifiers and curbing the risks posed by SIM-absent logins. As digital threats evolve, the changes reflect a proactive stance to protect users from increasingly sophisticated scams.
-
-
-
-
