No WhatsApp without active SIM: India mulls 6-hour logouts to curb misuse, New Rule To Curb Cyber Fraud
No WhatsApp without active SIM: India mulls 6-hour logouts to curb misuse, New Rule To Curb Cyber Fraud
DoT issues strict SIM-binding order for WhatsApp, Telegram, Signal and other platforms; 6-hour logout rule for web logins.
The central government has issued a major directive that will change how messaging apps work across the country. Platforms such as WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Arattai and Josh will now operate only when the registered mobile number is active inside the user’s device. The new “SIM-binding rule” aims to curb rising cyber fraud cases and track misuse of disconnected or relocated SIM cards.
Under the new guideline issued by the Department of Telecommunications (DoT), an app will automatically shut down if the SIM linked to that account is removed or becomes inactive. Until now, most platforms verified a user’s number only during installation, allowing the app to run even after the SIM was taken out, as long as Wi-Fi or mobile data was available.
According to officials, this loophole made cybercrime investigations difficult. In several cases, the SIM used for verification remained in India while the app was accessed on another device, sometimes outside the country, making it nearly impossible to trace call logs, location or the originating device. The SIM-to-device binding rule is designed to close this gap.
A significant change has also been introduced for users who log in through laptops or desktops. WhatsApp Web and similar browser-based versions will now auto-logout every six hours. To continue using the service, users will need to scan a fresh QR code, and this will only work if the phone has the active SIM inside. If the SIM is removed or disabled, the app will immediately log out on both mobile and computer.
The new rule will affect all apps dependent on mobile-number-based verification. This includes Signal, iMessage, Truecaller, OTP-linked Facebook and Instagram accounts, number-based recovery for Google or Apple IDs, and even UPI apps that use mobile number verification.
DoT has said that SIM-binding will help reduce spam, fake profiles, fraudulent international calls and cross-border cyber offences. Telecom security agencies have flagged that one-time verification without continuous SIM presence has become a major vulnerability, especially in cases where criminals use devices abroad to access Indian numbers.
Companies have been given 90 days to implement the new requirement and must submit compliance reports within 120 days. Failure to follow the order will invite action under the Telecommunications Act 2023, the Telecom Cyber Security Rules, and other applicable laws.
