In December, India’s Department of Telecommunications (DoT) issued a directive requiring messaging platforms such as WhatsApp and Telegram to enforce continuous SIM-device binding, making the physical presence of a SIM card mandatory for the continued use of messaging services on apps like WhatsApp, Telegram, Signal, Arattai, Snapchat, ShareChat, Jio Chat, and Josh. The directive was specifically sent to these companies.
The directive significantly alters how messaging platforms function today. It disrupts multi-device usage, cloud-based automation workflows, remote work, and cross-border account usage, features that underpin how individuals, creators, and businesses rely on messaging platforms. While the move is intended to curb cyber fraud linked to smuggled SIM cards, it does not address India’s dominant fraud vectors, including phishing, caller ID spoofing, OTP theft, and SIM swaps. Instead, it introduces friction for legitimate users, breaks persistent login sessions essential for business messaging and CRM systems, and complicates usage for travellers, NRIs, and users dependent on desktop or web-based apps.
To examine the policy rationale, technical feasibility, and operational impact of this directive, MediaNama organised a discussion on December 12. The discussion explored whether mandatory SIM binding is technically feasible, its proportionality as a fraud-prevention measure, and the broader regulatory implications for digital platforms.
The video for the event is available below:
We saw participation from organisations like:
Bharti Airtel, X (formerly Twitter), Broadband India Forum, Com First, Xiaomi, Cyber Cafe Association of India (CCAOI), Deloitte, Dvara, Info Edge, Bitscore, HasGeek, CUTS, Asia Society, Deep Strat, India Future Foundation, SFLC, Esya Centre, Inshorts, Bureau, ISOC, Sinch, and others.
Key topics discussed included:
- What the DoT means by “SIM binding,” and why the term is technically misleading in the context of modern smartphone operating systems.
- Alternative approaches, including risk-based detection and carrier-led APIs (such as GSMA’s CAMARA API protocol), instead of blanket and continuous SIM-binding enforcement.
- The distinction between SIM binding, device binding, and risk-based authentication, and why most Indian apps, including banking and UPI apps, do not actually use SIM binding mechanism.
- Why continuous SIM presence checks are not feasible on iOS or modern Android due to OS-level privacy and security restrictions implemented by smartphone manufacturers.
- The heavy reliance on SMS-based verification as a workaround, and why this approach is archaic, costly, and vulnerable to interception and spoofing.
- Who bears the cost of repeated OTPs and SMS traffic, and how continuous SIM checks would make messaging platforms financially and operationally unviable.
- Why SIM binding does not…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
