Govt orders WhatsApp, Telegram, other apps to block access without active SIM

New Delhi: The Indian government has issued a major directive that could change how millions of people use popular messaging apps such as WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Arattai, and Josh.  

According to reports, the Department of Telecommunications (DoT) has asked these platforms to ensure that their services cannot be used unless the user has an active SIM card in their device.

This move comes under the new Telecommunication Cybersecurity Amendment Rules, 2025, which bring app-based communication services under telecom-style regulation for the first time.

Under the new rules, these apps -- officially termed Telecommunication Identifier User Entities (TIUEs) -- must ensure that a user’s SIM card remains continuously linked to the app within 90 days.

Also Read: MeitY issues SOP to curb online sharing of non-consensual intimate content

For people using these platforms on web browsers, the government has added another layer of security.

Apps will now be required to automatically log users out every six hours and ask them to log in again through a QR code.

The DoT says this system will make it harder for criminals to misuse these services remotely, as every session must be tied to an active and verified SIM, as per the reports.

At present, most apps only verify a mobile number once -- during installation

Officials say the rule aims to close a major gap in how communication apps verify users. At present, most apps only verify a mobile number once -- during installation.

After that, the app continues working even if the SIM is removed or becomes inactive. According to reports, the Cellular Operators Association of India (COAI) highlighted that this behaviour allows apps to function independently of SIM cards, which creates opportunities for misuse.

Cybercriminals, including those operating from outside India, are known to exploit this loophole.

Even after changing or deactivating SIM cards, they can continue using these apps, making it extremely difficult for authorities to trace fraud through call records, location logs, or telecom data.

Also Read: Cyber crooks target Rajya Sabha MP Sudha Murthy; complaint lodged with Bengaluru Police

The COAI said that making SIM binding mandatory would keep a reliable link between the user, the number, and the device, which could help reduce spam, fraud calls, and financial scams.

Similar security checks already exist in other sectors. Banking and UPI apps require strict SIM verification to prevent unauthorised access, while SEBI has proposed linking SIM cards to trading accounts and using facial recognition for added security.

Experts, however, are divided on the issue. Some cybersecurity professionals told MediaNama that the move may have limited impact, as scammers can still use forged or borrowed IDs to get new SIM cards.

On the other hand, telecom industry representatives argue that mobile numbers remain India’s strongest digital identity and believe the new rules could strengthen cybersecurity and accountability.

(IANS)