The Ministry of Telecommunications of India has recently instructed developers of mainstream instant messaging tools, both Indian and international, to ensure that users cannot use these platforms or send any messages without a valid SIM card associated with a mobile phone number. Major messaging platforms that use Indian mobile numbers to identify users, including WhatsApp, Telegram, Snapchat, Arattai, Sharechat, Josh, JioChat and Signal, will have to comply with the directive within 90 days.

As India amends the Telecom (Telecommunications Cyber Security) Rules, 2024 and focuses on combating the misuse of telecom identifiers for phishing, scams and cyber fraud, the Ministry of Telecom said that the SIM card binding directive is critical to closing the security gaps that bad actors exploit for cross-border fraud.
According to the requirements, the communication tool must automatically log the user out every 6 hours. If the bound, valid SIM card cannot be detected, the user cannot log in again. The advantage is that if a user account is stolen, it can be used for no more than 6 hours.
Previously, accounts on messaging and calling apps could still be used even if the associated SIM card was removed, deactivated or taken abroad, which made possible anonymous scams, remote phishing scams and fraudulent calls that use Indian numbers to impersonate government officials, India's telecom ministry said.
Long web or desktop sessions can also allow fraudsters to remotely take control of a victim's account without needing the original device or SIM card, which makes such fraud much harder to track and combat. Currently, a session only needs to be verified once on a device in India and can then run inside or outside the country, so criminals do not need any new verification to commit fraud using Indian numbers.
The new regulations impose strong restrictions on account validity: users can only use platform accounts if the bound mobile phone number and SIM card are in normal condition. In addition, the communication platform must link each active account to KYC (Know Your Customer) information, so Indian law enforcement agencies can also track phishing, investment scams and other types of fraud based on this real-name information.
Domestic messaging platforms in India are unlikely to react strongly to such directives, and it remains to be seen whether foreign platforms, especially privacy-focused ones like WhatsApp and Signal, will comply.