/pcq/media/agency_attachments/2025/02/06/2025-02-06t100846387z-pcquest-new-logo-png.png){kind=logo}
/pcq/media/member_avatars/2024-08-28t070132803z-img_7046.jpg )
Follow Us/pcq/media/media_files/2025/12/03/india-tightens-rules-for-messaging-apps-with-sim-linked-logins-to-fight-digital-fraud-2025-12-03-16-29-38.png)
India has introduced new rules for messaging apps, requiring them to work only with an active SIM card. The move targets scams, impersonation calls, and cross-border fraud that rely on old or inactive numbers. Popular apps now have 90 days to roll out the change.
The government of India is changing the rules of online chatting, and your favorite messaging apps will soon be feeling the impact. A large part of this change comes from the government’s crackdown on the increase in digital scam activity. The government will now require that all chats, calls, and web sessions must remain tied to an active SIM card (if you do not have a SIM card, you do not have access to chat or call services). The primary goal of this legislation is to put an end to the practices of scammers taking over inactive phone numbers, running their scams from other countries, and disappearing before their victims are even aware that something has occurred. The introduction of this new legislation is going to change how many millions of users interact with their favorite apps.
Rising Fraud Pushes India to Rethink Messaging Security
India's Department of Telecommunications has just made one of the biggest changes yet for communication apps. From now on, messaging platforms that use Indian phone numbers will have to stick to a live SIM card, you know, the kind you pop into your phone all the time. The new rule is going to apply to a whole bunch of popular apps, including WhatsApp, Telegram, Signal, Snapchat, ShareChat, Josh, Arattai, and JioChat.
This is a straight response to a huge rise in phishing scams, fake investment pitches, and 'digital arrest' scams. These sorts of cons usually rely on stolen or inactive numbers to avoid getting caught, often even operating from abroad pretending to be in India. The DoT reckons that current messaging accounts stay active even after their linked SIM has been removed, moved overseas, or turned off. That's a pretty big loophole that's been letting scammers get away with it.
DoT highlights the problem areas
According to officials, one of the biggest weaknesses is long-running web and desktop sessions. Once you log in, a scammer can just keep on using your account for days without needing to get it verified all over again.
That's essentially allowed scammers to hijack victims' accounts from all the way on the other side of the world, making it a lot tougher to track them down and shut them down.
What apps have to change within 3 months?
The updated telecom cybersecurity rules are now calling for two major changes:
Apps will stop working if the active SIM linked to your account is taken out.
Web and desktop logins have to auto log out every six hours. That means users will have to scan a new QR code to carry on.
This way, anyone trying to get control of an account without permission will have to keep re-verifying themselves, which makes it heaps harder for them to get away with it.
/filters:format(webp)/pcq/media/media_files/2025/12/03/rising-fraud-pushes-india-to-rethink-messaging-security-2025-12-03-16-33-48.jpeg)
Tracing scammers gets a whole lot easier
Because SIM cards in India are tied to know your customer (KYC) details, the DoT says this new rule will help investigators track down scammers a whole lot faster. It should make it easier for them to crack down on mule accounts, fake loan apps, impersonation calls, and other scams that use these sorts of tactics.
India's already been using SIM binding for banking and UPI-based payment apps for a while now—so this just brings communication apps in line with how financial apps handle security.
Mobile number validation is part of the wider cleanup
The directive follows the announcement of a Mobile Number Validation (MNV) platform aimed at reducing identity misuse. It allows service providers or government agencies to check whether a mobile number actually belongs to the person whose details they have on record.
Officials say the platform improves trust in digital services while keeping data shared at a minimum.
What this means for everyday users
The six-hour logout cycle will be the first noticeable change for people who use messaging apps on their laptop or desktop. Users who frequently swap SIMs may also need to reconnect their accounts more often. While these changes add extra steps, the government sees them as necessary to slow down fast-growing online fraud. With scams getting more aggressive, the DoT wants messaging apps to tighten access before vulnerabilities expand.
More For You
The First AI-Powered Cyberattack: Inside the Claude Breach
Salesforce Probes Gainsight OAuth Anomalies as SaaS Token Attacks Escalate
Microsoft’s Stealth Upgrade Reinvents Cloud Security
RondoDox Explodes: Unpatched XWiki Servers Are Fueling a Massive 2025 Cyber Attack Wave