India Mandates Messaging Apps to Tie to Active SIMs and Enforce 6-Hour Logouts to Combat Fraud

India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse

India’s Department of Telecommunications (DoT) has mandated that messaging apps like WhatsApp and Telegram must operate only with active SIM cards linked to users’ mobile numbers, with web sessions logging out every six hours. The directive aims to close a security gap exploited by fraudsters for cross-border scams.

Why This Matters

The technical reality is that existing systems allowed messaging apps to function indefinitely without verifying the active status of the SIM card, enabling fraudsters to operate remotely using stolen or unverified numbers. The DoT estimates this loophole has facilitated thousands of scams, including “digital arrest” frauds and phishing, with losses potentially reaching billions annually. By tying accounts to active SIMs and enforcing periodic re-authentication, the policy seeks to align app behavior with ideal security models that prioritize traceability and accountability.

Key Insights

• “90-day compliance window for messaging apps, 2025”: India’s DoT gave platforms 90 days to implement SIM-binding rules.
• “Six-hour logout enforced for web sessions”: Web-based messaging access must expire every six hours, requiring QR code re-linking.
• “KYC-verified SIMs mandated for all active accounts”: Ensures traceability of numbers used in scams, per the Telecommunications (Telecom Cyber Security) Rules, 2024.

Practical Applications

• Use Case: Messaging apps like WhatsApp now require active SIMs for access, reducing remote account takeover risks.
• Pitfall: Overly strict policies may inconvenience legitimate users needing uninterrupted access across devices or locations.

References:

• https://thehackernews.com/2025/12/india-orders-messaging-apps-to-work.html