No SIM, No Access: India Orders Messaging Apps to Verify Active SIM Cards
The Indian government has introduced a significant policy that could affect how millions use messaging apps like WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Arattai, and Josh.
As per media reports, the Department of Telecommunications (DoT) has directed these platforms to restrict access to their services unless users have an active SIM card in their device.
This directive is part of the newly introduced Telecommunication Cybersecurity Amendment Rules, 2025, which—for the first time—place app-based communication tools under regulations similar to those for telecom operators.
Under these rules, the apps—now categorized as Telecommunication Identifier User Entities (TIUEs)—must ensure that each user’s app account stays linked to an active SIM for at least 90 days.
Additionally, the government has introduced extra security requirements for users who access these services through web browsers.
Apps will now be required to automatically log users out every six hours and ask them to log in again through a QR code.
The DoT says this system will make it harder for criminals to misuse these services remotely, as every session must be tied to an active and verified SIM, as per the reports.
Officials say the rule aims to close a major gap in how communication apps verify users. At present, most apps only verify a mobile number once — during installation.
After that, the app continues working even if the SIM is removed or becomes inactive. According to reports, the Cellular Operators Association of India (COAI) highlighted that this behaviour allows apps to function independently of SIM cards, which creates opportunities for misuse.
Cybercriminals, including those operating from outside India, are known to exploit this loophole.
Even after changing or deactivating SIM cards, they can continue using these apps, making it extremely difficult for authorities to trace fraud through call records, location logs, or telecom data.
The COAI said that making SIM binding mandatory would keep a reliable link between the user, the number, and the device, which could help reduce spam, fraud calls, and financial scams.
Similar security checks already exist in other sectors. Banking and UPI apps require strict SIM verification to prevent unauthorised access, while SEBI has proposed linking SIM cards to trading accounts and using facial recognition for added security.
Experts, however, are divided on the issue. Some cybersecurity professionals told MediaNama that the move may have limited impact, as scammers can still use forged or borrowed IDs to get new SIM cards.
On the other hand, telecom industry representatives argue that mobile numbers remain India’s strongest digital identity and believe the new rules could strengthen cybersecurity and accountability.–(IANS)
