New Delhi: The Indian government has issued a major directive that could transform the way millions of users access popular messaging apps, including WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Arattai, and Josh.

Under the Telecommunication Cybersecurity Amendment Rules, 2025, app-based communication platforms are now required to link user accounts to an active SIM card on their devices. According to the Department of Telecommunications (DoT), users will no longer be able to access these apps unless their SIM card is active and verified.

The new rules classify messaging apps as Telecommunication Identifier User Entities (TIUEs) for the first time, bringing them under telecom-style regulations. Platforms must ensure that the SIM remains linked to the app within a 90-day window, strengthening user verification.

For users accessing these apps via web browsers, an additional security measure will be implemented. The apps must automatically log users out every six hours, requiring them to log in again using a QR code. This system aims to prevent criminals from misusing accounts remotely, ensuring that every session is tied to a verified and active SIM.

Currently, most apps verify a mobile number only once during installation. If the SIM is removed or becomes inactive, the apps continue functioning, creating potential loopholes for misuse. Cybercriminals, including those operating from outside India, have exploited this gap, making it difficult for authorities to track fraud through call records, location logs, or telecom data.

The Cellular Operators Association of India (COAI) highlighted that mandatory SIM binding will help maintain a reliable link between the user, the number, and the device, potentially reducing spam, financial fraud, and scam calls.

Similar measures already exist in the banking and financial sectors. UPI and banking apps require strict SIM verification to prevent unauthorized access, and SEBI has proposed linking SIM cards to trading accounts along with facial recognition for added security.

While some cybersecurity experts caution that the rules may have limited impact—scammers could still obtain SIM cards through forged or borrowed IDs—telecom industry representatives believe that mobile numbers remain India’s strongest digital identity and that the new rules could strengthen cybersecurity and user accountability.