New Delhi: The Central government is introducing changes could impact millions who use popular messaging apps like WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Arattai and Josh.
The Department of Telecommunications (DoT) has directed these platforms to make it impossible for users to access their services without an active SIM card in their devices.
Under the new rule, these apps — classified as Telecommunication Identifier User Entities (TIUEs) — must ensure SIM cards remain continuously linked to their services within 90 days.
For those users who log in via a web browser, the platforms will need to log out users every six hours and require reauthentication via a QR code.
The DoT order is part of India’s new Telecommunication Cybersecurity Amendment Rules, 2025, which place app-based communication services under telecom-style regulation for the first time.
The DoT believes this will make it much more tough for criminals to exploit apps remotely, as every session must now be tied to an active, verified SIM.
The move aims to address a major loophole in how communication apps verify their users.
Currently, most services authenticate the user’s mobile number once, during installation, after which the app continues working even if the SIM is removed or deactivated.
“The binding process between a subscriber’s app-based communication services and their SIM card occurs only once during installation, after which the application continues to function independently,” Cellular Operators Association of India (COAI) explained.
It provides opportunities for cybercriminals, operating from outside India, to continue using these apps even after switching or deactivating SIMs, making it impossible to trace fraudulent activity through call records, location logs, or carrier data.
Now, persistent SIM binding will “maintain critical traceability between the user, the number, and the device,” COAI said. Spam and fraud communications can be reduced and financial scams curbed through messaging platforms.
