In a move to bolster cybersecurity, the Indian government has mandated significant changes to the login protocols for popular messaging applications like WhatsApp, Telegram, Signal, Snapchat, Sharechat, Jiochat, Arattai, and Josh. The Department of Telecommunications (DoT) has directed these platforms to implement stricter measures, primarily focused on linking app usage to the SIM card used during registration.

One of the key changes is the enforcement of "SIM binding," which ensures that the app can only be used if the original SIM card used for registration is present and active in the device. This means that if a user removes, replaces, or deactivates the SIM card, the messaging app will cease to function. This measure aims to prevent cybercriminals from exploiting these apps, as they often use them even after the SIM card has been deactivated. By creating a strong link between the user's number, phone, and app, the government hopes to control spam, fraudulent calls, and financial fraud.

Furthermore, the new rules stipulate that web-based versions of these apps, such as WhatsApp Web, will automatically log out users every six hours. To regain access, users will need to re-authenticate by scanning a QR code through their phone. This measure is designed to minimize security risks from unattended browser sessions and ensure that the person using the web session is in possession of the SIM linked to that account.

These changes have been introduced under the Telecommunications Cyber Security (Amendment) Rules, 2025, which bring app-based telecom services under stringent telecommunications regulations for the first time. The government believes that this will make mobile number-based digital identities more trustworthy and make app-based communications in India more secure and accountable. The DoT has directed the messaging platforms to implement these changes within 90 days and submit a compliance report within 120 days. Failure to comply with these directives will attract action under the Telecommunications Act, 2023, the Telecom Cyber Security Rules, 2024 (as amended), and other applicable laws.

While the government asserts that these measures are necessary to combat rising digital fraud and enhance cybersecurity, some experts and users have expressed concerns about potential disruptions and privacy implications. For instance, users who rely on Wi-Fi-only tablets or frequently switch devices may face inconveniences. Additionally, the constant SIM linkage and mandatory logouts could disrupt workflows, especially for professionals who use these apps on their computers during work hours.

Some cybersecurity professionals argue that the move may have a limited impact, as scammers can still use forged or borrowed IDs to obtain new SIM cards. However, telecom industry representatives maintain that mobile numbers remain India's strongest digital identity and believe the new rules could strengthen cybersecurity and accountability. The Cellular Operators Association of India (COAI) has stated that the current system, where apps function independently of SIM cards after initial verification, creates opportunities for misuse.

Despite the potential drawbacks, the government is firm on its stance, emphasizing the need to curb cyber fraud and protect users' personal information. The new login protocols represent a significant step towards a more secure and accountable digital communication landscape in India.