The government has issued a notice to Meta over the rollout of WhatsApp's new 'usernames' feature in India, directing the company to explain its safeguards within three days and refrain from launching the feature until consultations with the government are completed.
According to the notice seen by Outlook Business, the government has taken cognisance of WhatsApp's public announcement that it has begun a phased global rollout of usernames, including in India. The feature would allow users to reserve unique usernames and initiate conversations without revealing their mobile phone numbers.
The government said the feature could materially increase the incidence of online fraud, phishing, digital arrest scams and impersonation attacks by allowing bad actors to contact users without disclosing their phone numbers.
"It is felt that the feature may materially increase the incidence of online fraud, phishing, digital arrest scams and impersonation attacks, by enabling bad actors to solicit and message victims," the notice said.
It further warned that usernames resembling those of individuals, financial institutions, public authorities or government agencies could facilitate identity spoofing and impersonation.
Citing provisions of the Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the government directed Meta to explain why regulatory action should not be initiated for launching a feature that could increase cybercrimes.
The notice, which was addressed to Chief Compliance Officer of WhatsApp LLC (Meta) India Operations, also reminded the company that it is obligated to comply with due diligence requirements under Indian law, including preventing impersonation, enabling identification of the first originator of messages where required and complying with provisions relating to identity theft and cheating by personation.
Besides seeking a detailed explanation supported by relevant documents within three days, the government has explicitly directed the company not to roll out the feature in India until consultations conclude to its satisfaction.
Privacy Push Meets Fraud Concerns
Earlier this week (29 June), Kunal Shah led company announced that users would soon be able to communicate using usernames instead of sharing their phone numbers. Similar to Telegram, Signal, Instagram and X, the feature is aimed at allowing users to connect while keeping their mobile numbers private.
But the rollout sparked a debate over whether the privacy benefits outweigh the risks of impersonation and fraud.
Paytm founder Vijay Shekhar Sharma wrote on X, "Soon you will have verified username on WhatsApp, and then unverified similar-sounding usernames."
Echoing similar concerns, MobiKwik Cofounder and CEO Bipin Preet Singh said, "Not a good idea at all. Will lead to proliferation of fraud and impersonation. For example, I checked, most variations of my name already taken. Wonder what can it be used for."
Legal and cybersecurity experts have also warned that scammers could exploit lookalike usernames to impersonate brands, banks, government agencies and public figures. At the same time, others argue the feature improves user privacy by reducing the need to share phone numbers, which have increasingly become universal digital identifiers.
Previously, Meta has rejected concerns around both impersonation and data sharing. The company said usernames would not alter how Accounts Center works or automatically increase cross-platform data sharing with Facebook or Instagram.
It also claimed it has built layered protections into the system, including reserving usernames for verified public figures and government entities, blocking certain lookalike usernames, and using automated systems to detect impersonation and ban offending accounts.
The government's intervention also comes against the backdrop of India's ongoing push for SIM binding across messaging platforms. While WhatsApp has clarified that usernames are merely an alternate discovery mechanism and that accounts will continue to remain linked to users' phone numbers, the government appears unconvinced that the feature, in its current form, adequately addresses the growing threat of cyber fraud.
























