India’s Department of Telecommunications has directed app‑based communication service providers to ensure messaging platforms cannot be used without an active SIM card linked to the user’s mobile number. The notice names apps including WhatsApp, Telegram, Snapchat, Arattai, Sharechat, Josh, JioChat and Signal, and gives services 90 days to comply.
The requirement follows an amendment to the Telecommunications (Telecom Cyber Security) Rules, 2024, which aims to close gaps the government says are being exploited for phishing, scams and cross‑border fraud.
The DoT said accounts on instant messaging and calling apps can continue to operate after the associated SIM is removed, deactivated or moved abroad, enabling anonymous scams and complicating tracing and takedown of fraudulent activity. The department warned long‑lived web and desktop sessions let fraudsters control accounts from distant locations without needing the original device or SIM.
The directive mandates that app‑based communication services be continuously linked to the SIM installed in the device and block use of the app without that active SIM. It also requires web service instances of messaging platforms to be periodically logged out every six hours, with users required to re‑link devices via a QR code when necessary.
The government said periodic re‑authentication reduces the scope for account takeover attacks, remote control misuse and mule account operations, and that tying active accounts and web sessions to KYC‑verified SIMs will make it easier to trace numbers used in phishing, investment and loan scams. The rules mirror existing SIM‑binding and automatic logout requirements already applied to banking and payments apps using India’s Unified Payments Interface.
The DoT said a Mobile Number Validation platform will be established to let service providers and government agencies validate whether a mobile number used for a service genuinely belongs to the person on record, describing the planned system as decentralised and privacy‑compliant. WhatsApp and Signal did not respond to requests for comment.