India’s Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM card linked to the user’s mobile number.
To that end, messaging apps like WhatsApp, Telegram, Snapchat, Arattai, Sharechat, Josh, JioChat, and Signal that use an Indian mobile number for uniquely identifying their users, in other words, a telecommunication identifier user entity (TIUE), to comply with the directive within 90 days.
The amendment to the Telecommunications (Telecom Cyber Security) Rules, 2024, is seen as an attempt to combat the misuse of telecommunication identifiers for phishing, scams, and cyber fraud, and ensure telecom cybersecurity. The DoT said the SIM‑binding directions are crucial to close a security gap that bad actors are exploiting to conduct cross‑border fraud.
“Accounts on instant messaging and calling apps continue to work even after the associated SIM is removed, deactivated, or moved abroad, enabling anonymous scams, remote ‘digital arrest’ frauds and government‑impersonation calls using Indian numbers,” the DoT said in a statement issued Monday.
“Long‑lived web/desktop sessions let fraudsters control victims’ accounts from distant locations without needing the original device or SIM, which complicates tracing and takedown. A session can currently be authenticated once on a device in India and then continue to operate from abroad, letting criminals run scams using Indian numbers without any fresh verification.”
The newly issued directive mandates that –
- App Based Communication Services are continuously linked to the SIM card installed in the device and make it impossible to use the app without that active SIM
- The web service instance of the messaging platform is periodically logged out every six hours and then giving the users to re-link their device via a QR code if necessary
In forcing periodic re‑authentication, the Indian government said the change reduces the scope for account takeover attacks, remote control misuse, and mule account operations. What’s more, the repeated re-linking introduces additional friction in the process, necessitating that the threat actors prove they are in control again and again.
The DoT also noted that these restrictions ensure that every active account on the messaging app and its web sessions is tied to a Know Your Customer (KYC)‑verified SIM, thereby allowing authorities to trace numbers that are used in phishing, investment, digital arrest, and loan scams.
It’s worth noting that the SIM-binding and automatic session logout rules are already applicable to banking and instant payment apps that use India’s Unified Payments Interface (UPI) system. The latest directions extend this policy to also cover messaging apps. WhatsApp and Signal did not respond to requests for comment.
The development comes days after the…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
