India Implements New Regulations for Messaging Apps to Combat Fraud
Full Transcript
India's Department of Telecommunications, or DoT, recently mandated that messaging apps must operate only with active SIM cards linked to users' mobile numbers. This directive affects popular platforms like WhatsApp, Telegram, and Signal, which now have 90 days to comply.
The regulation, part of the Telecommunications Cyber Security Rules, 2024, aims to combat cyber fraud that exploits telecommunication identifiers for phishing and scams. The DoT highlighted that many messaging accounts can remain active even if the linked SIM is deactivated, allowing cybercriminals to conduct scams using Indian numbers from abroad.
This change introduces 'SIM binding,' ensuring that messaging apps are continuously linked to the SIM card in the device, and mandates periodic logouts of web service instances every six hours, requiring users to re-link their devices through a QR code.
This strategy is designed to enhance tracing of accounts involved in fraudulent activities and significantly reduce the risk of account takeovers. The DoT has also emphasized that these messaging accounts must be tied to Know Your Customer, or KYC, verified SIM cards, facilitating law enforcement's ability to trace numbers used in scams.
The new rules extend existing practices already applied to banking and payment apps, which also require a similar SIM binding approach. The move aims to address the surge in mule accounts and identity fraud linked to unverified mobile number associations with financial services, as reported by The Hacker News.
In addition to the messaging app regulations, the Indian government is implementing another cybersecurity measure by requiring smartphone manufacturers to pre-install a state-run app called Sanchar Saathi, which cannot be deleted.
This app is intended to prevent tampering with device identity numbers, and the DoT has mandated that all devices must have this app installed within 90 days. However, Apple is reportedly refusing to comply with this order, citing concerns over privacy and security implications.
While other manufacturers such as Samsung and Xiaomi may proceed with compliance, Apple's position highlights ongoing tensions between governmental requirements and corporate privacy standards. The Sanchar Saathi app has already demonstrated its effectiveness by blocking millions of stolen phones and assisting in device recovery.
The urgency behind these measures arises from a significant increase in cyber incidents in India, with over 2.2 million reported between 2021 and mid-2025, affecting various sectors including telecommunications and finance, according to data from the Indian Computer Emergency Response Team, or CERT-IN.
These developments underscore India's commitment to cybersecurity and fraud prevention in an increasingly digital landscape, where the integrity of communication channels is paramount for both users and service providers.