In a major move to strengthen India’s telecom cybersecurity framework, the Central Government has issued fresh directions to app-based communication platforms that use mobile numbers for user identification or delivering services. The order comes after it was found that several such apps allow users to operate their accounts even without having the associated SIM card active in the device, a loophole increasingly exploited from outside India to commit cyber fraud.
According to officials, discussions with major service providers had been ongoing for months, but the growing misuse made immediate action unavoidable. Authorities noted that the ability to use an Indian mobile number on an app without the corresponding SIM physically present or active has posed a serious threat to the integrity of the telecom ecosystem.
What the New Rules Require
To plug this vulnerability, the government has mandated strict compliance measures that app-based communication services must implement within 90 days:
1. Mandatory SIM Linkage
Apps must remain continuously linked to the specific SIM card associated with the mobile number used for login or service delivery. This means the service cannot function on any device unless the corresponding active SIM is present in that device. The move is expected to make it significantly harder for fraudsters operating from abroad to misuse Indian numbers.
2. Frequent Logout for Web Versions
For platforms offering a web-based interface, the government has directed that all web sessions must auto-logout periodically and strictly within six hours. Users will still be able to re-link their sessions, but only through a secure QR-code authentication. This step is designed to limit long-duration unauthorized access and keep tighter control over active login instances.
Why This Matters
Cybercriminals have increasingly taken advantage of SIM-less app functionality, often using stolen or spoofed Indian mobile numbers to run scams from foreign locations. The new policy aims to shut down that window entirely, ensuring that telecom identifiers cannot be misused independently of physical SIM ownership.
Officials say these directives are part of a broader strategy to reinforce national cybersecurity, protect consumers, and ensure accountability in digital communication channels. Platforms offering app-based communication will now need to swiftly revamp their authentication logic and backend systems to meet the new standards.
With cyber fraud growing rapidly in scale and sophistication, the government’s latest move signals a firm intent: safeguarding India’s digital ecosystem is non-negotiable.
