What Is SIM Binding; How It Impacts WhatsApp, Telegram, Arattai, Other Apps

The Department of Telecommunications (DoT) last week issued an order to messaging apps such as WhatsApp, Telegram, and Arattai, requiring them to ensure SIM binding. This means these apps must always be linked to a SIM card for continued service.

The order comes against the backdrop of “misuse” of telecommunication identifiers and equipment for cybersecurity purposes, according to the government.

“It has come to the notice of the Central Government that some App-Based Communication Services, which use mobile numbers to identify customers/users or to provide services, allow users to access their services without the underlying Subscriber Identity Module (SIM) being present in the device,” the order dated November 8 stated, according to The Hindu Businessline.

It added that “this feature is posing a challenge to telecom cybersecurity, as it is being misused from outside the country to commit cyber-frauds.”

To prevent this, the DoT has directed tech companies operating communication apps to ensure their apps remain continuously linked to the SIM card installed in the device.

Without this, the government wants the companies to make “it impossible to use the app without that specific, active SIM.”

What the Order Means for Users

For most users, day-to-day messaging will continue as usual. Apps will work the same, but they will now depend more closely on the SIM used during registration. Users may experience occasional verification checks or be asked to log in again from time to time.

However, people who use these apps on devices without a SIM, or who keep their SIM in one phone but use the app on another, may experience interruptions or be logged out more frequently.

The order introduces two major changes: apps must regularly confirm that the SIM used to register the account is still in the device. If the SIM is removed or inactive, the app must pause services until the correct SIM is reinserted.

Web versions, such as WhatsApp Web, will automatically log users out every six hours. To reconnect, users will need to scan a fresh QR code, verifying that the user and device are genuine.

What App Makers Need to Do

Communication platforms must confirm to the government within 120 days that these requirements have been fully implemented. App developers are expected to implement all changes within 90 days of receiving instructions.

They are also required to file a compliance report with the Department of Telecommunications within 120 days. Failure to comply may result in action under the Telecommunications Act, 2023, the amended Telecom Cyber Security Rules, 2024, and other relevant laws.

Industry Question the Logic

While the government aims for stronger traceability by requiring every messaging app account to be linked to a physical SIM, critics argue the impact may be limited and could inconvenience regular users. Some cybersecurity experts note that fraudsters often use SIMs obtained with fake or borrowed documents, commit scams quickly, and discard them. Thus, tying apps to SIMs may not fully prevent such activity.

According to a report by the Economic Times, some in the tech industry argue that the DoT may have overstepped its mandate, as the directions significantly change how popular messaging apps function in India without public consultation or technical feasibility checks.

Government officials, however, told the publication that the order applies only to entities using telecommunication identifiers such as mobile numbers. If apps do not want SIM binding, they should avoid using mobile numbers as identifiers.

In addition to SIM binding, the DoT plans a Mobile Number Verification (MNV) platform to confirm that numbers belong to legitimate users and are not being misused. App operators, however, have raised concerns that this could create unnecessary friction for legitimate users while bad actors adapt or migrate elsewhere.