The Indian government has directed messaging apps like WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Arattai, and Josh to block access without an active SIM card, under the Telecommunication Cybersecurity Amendment Rules, 2025, as reported by Tahir Rihat.
The Department of Telecommunications (DoT) has classified these platforms as Telecommunication Identifier User Entities (TIUEs), subjecting them to telecom-style regulations for the first time. Apps must now ensure a user’s SIM card stays continuously linked to the service within 90 days of initial verification. This addresses a key vulnerability where apps remain functional even after a SIM is removed or deactivated, allowing misuse without ongoing checks.
For web-based access, the rules introduce stricter measures. Platforms will automatically log out users every six hours, requiring re-authentication via QR code tied to a verified SIM. Officials state these changes will hinder remote criminal activities by ensuring each session links to an active, traceable device.
The directive stems from concerns raised by the Cellular Operators Association of India (COAI), which noted that one-time mobile number verification during app installation enables cybercriminals to exploit services post-SIM deactivation. Such loopholes complicate tracing fraud through telecom records, location data, or call logs, especially for international operators. Similar protocols already apply in banking and UPI apps for secure transactions, while the Securities and Exchange Board of India (SEBI) has proposed SIM linking for trading accounts with facial recognition.
Telecom representatives argue that mobile numbers serve as India’s primary digital identity, potentially curbing spam, fraud calls, and scams through better user-device accountability. However, cybersecurity experts consulted by MediaNama question the rules’ effectiveness, pointing out that scammers could still obtain new SIMs using forged or borrowed IDs. Based on verified sources reviewed by Tahir Rihat, the measures aim to bridge regulatory gaps in app-based communications amid rising cyber threats.