The government has pushed back the deadline for SIM-binding rules on messaging apps and scrapped a controversial six-hour logout requirement, but the core question remains: will tying accounts to mobile SIMs actually curb fraud, or is the policy aimed at the wrong layer of the problem?
Last week’s extension to 31 December for platforms such as WhatsApp, Telegram and Signal offers companies more time to comply. It also reflects technical challenges flagged by companies and concerns over user experience.
Yet experts question the premise, arguing that fraud occurs at the telecom and network layer, not within apps, raising doubts about whether SIM binding can deliver the intended results.
Mint explains.
Why did the government extend the SIM-binding deadline?
In November last year, the department of telecommunications (DoT) directed messaging platforms, including WhatsApp, Telegram, Signal, Arattai, Snapchat, Sharechat, Jiochat, and Josh, to ensure their services remain linked to users’ SIM cards and phone numbers. Users without an active SIM would not be able to access these apps. The original deadline was end-February.
Companies also had to enforce automatic logout from web versions every six hours, with re-login requiring QR-based device linking.
Operating system providers such as Google and Apple sought more time, citing technical challenges, prompting the government to extend the deadline.
The government has also dropped the mandatory six-hour logout rule after concerns it would disrupt user experience and business communication. “The web service instances of such mobile apps are required to be logged out on the basis of risk-based analysis. No specific time period has been stipulated for such logging out,” it said in Parliament last week. In effect, only anomalous behaviour will now trigger re-verification.
Why does the government want SIM binding?
The directive targets a surge in digital fraud, with reported cyber-fraud losses exceeding ₹22,000 crore in 2025. The government’s view is that phone numbers, issued by telecom operators, provide a traceable identity layer.
By ensuring messaging accounts remain tied to a physical SIM, authorities believe they can close a loophole that allows fraudsters to run scams or impersonation operations using Indian numbers even after a SIM is removed or deactivated.
Frequent re-authentication, the DoT said in a 1 December 2025 release, would force criminals to repeatedly prove control of the device or SIM, increasing friction and detectability.
So, will it actually stop fraud?
That is where the policy faces pushback.
Telecom expert Parag Kar argued in a recent analysis that “that fraud never happens at the app layer; fraud happens at the network layer”. Apps, he said, do not even know the user’s identity.
This distinction is critical. In SIM-swap fraud, where a duplicate SIM is fraudulently issued, app-level checks would still authenticate the attacker as a legitimate user because the device carries a verified SIM. In that sense, SIM binding becomes a device check rather than a true identity check, leaving the underlying vulnerability intact.
A February report by CUTS (Consumer Unity & Trust Society) International similarly recommended using background APIs (application programming interface) for silent, real-time verification instead of repeated user authentication.
It also argued for stricter KYC at the point of SIM issuance, suggesting that addressing fake identities at the source is more effective than continuous verification at the app level.
Are platforms implementing SIM binding?
Some are moving ahead, albeit cautiously. Media reports indicate Meta-owned WhatsApp is testing SIM-binding on Android. At the same time, platforms are exploring alternatives that could reduce reliance on phone numbers altogether.
WhatsApp is also reportedly considering user IDs or handles that would allow interaction without sharing phone numbers. If such models gain traction, they could diverge from the SIM-based framework and potentially complicate how regulators oversee these services.
Who benefits from SIM binding?
The idea of SIM binding was first pushed by the Cellular Operators Association of India (COAI) in August last year, arguing that OTT communication apps should remain tied to verified SIMs to curb fraud and strengthen security.
At the same time, the policy could support telecom operators commercially. By requiring an active SIM for continued access to messaging apps, it may push users with inactive or non-recharged numbers to maintain minimum plans, aiding subscriber retention and additions.