SIM binding rules will disrupt WhatsApp use; no fix for major scams, says expert

SIM binding — the government’s new compliance mandate for messaging platforms — is being pushed as a crucial tool to curb cyber fraud. But will it actually work?

In this interview, cybersecurity expert Venkata Satish Guttula breaks down what SIM binding means, how it could affect millions of users, and whether it can tackle scams like digital arrest.

What exactly is SIM binding?

SIM binding is similar to the process used by UPI apps. When users register, an SMS goes out from their phone, and the app verifies that the SIM card linked to that number is physically present in the device, Guttula said.

He explained that the new mandate requires messaging apps to check whether the SIM card associated with the user’s number — whether physical or eSIM — is active on the device. If the SIM isn’t present, the app can immediately, or within some time, log the user out.

This requirement is not limited to mobile phones. The notification also covers desktop apps and web versions of these platforms, even though laptops and desktops don’t have SIM cards, he added.

According to Guttula, the directive mandates automatic logout every six hours on desktops and browsers. That means users will have to log in again every six hours, because the app will forcibly log them out on non-SIM devices.

He notes that this applies to both web and desktop apps.

Will SIM binding help curb scams?

Guttula says the government appears to be targeting digital arrest scams, where criminals impersonate police officers, often over WhatsApp video calls, to extort victims. But he argues SIM binding is not a “silver bullet”.

He explains that TRAI can only enforce SIM binding for Indian mobile numbers. Scammers frequently use international numbers — starting with +1, +971 and others — which fall outside Indian jurisdiction. Many scams already originate from international numbers, and even those operating from within India often register foreign numbers on Indian devices.

If scammers switch entirely to foreign numbers, SIM binding will have no effect. While it may create some friction and discourage the use of Indian numbers for scams, Guttula says, international numbers will still enable these frauds.

Further, he says that another major scam trend involves sending malicious APK files. These are often pushed through WhatsApp, with scammers posing as officials demanding payment for fake challans, gas bills, or electricity dues. If these messages come from international numbers, SIM binding won’t stop them.

Will SIM binding impact people who travel abroad?

Guttula calls this a “valid concern”.

If a user has a single-SIM phone and travels abroad without activating international roaming, they may have to insert a local SIM card. Once the Indian SIM is removed, WhatsApp will stop working.

Even if a phone has dual SIM slots and the Indian SIM stays inserted, users without roaming won’t receive OTPs. Since desktop and web apps log users out every six hours, users abroad won’t be able to log back in, because their SIMs aren’t active on the network and they won’t get the OTP. In short, they risk being logged out of their accounts while travelling.

Do these rules raise privacy concerns?

Guttula outlines several issues. First, the repeated six-hour logins create significant inconvenience. Second, generating OTPs frequently is expensive for platforms, so companies may start asking users for email IDs to push OTPs through email instead of SMS.

He says this means platforms like Meta, which currently only have users’ phone numbers, may now also collect email addresses. Since WhatsApp already faces widespread spam issues, he worries that email IDs could be used for more unwanted communication.

He also notes that each login provides location data, meaning apps could collect more granular information every time a user logs in. While he does not characterise it as a major privacy invasion, he flags it as a concern linked to the SIM-binding mechanism.

What is a better way to curb cyber fraud?

According to Guttula, the most effective solution is large-scale user education. Scams continue to succeed because users — especially senior citizens — remain unaware of digital threats.

He points out that despite daily media reports, people still fall for scams and lose significant amounts of money. He believes the government needs a campaign on the scale of the Pulse Polio Abhiyan, where volunteers went door-to-door.

A similar effort could involve volunteers educating senior citizens and vulnerable communities, showing them real scam videos and explaining how frauds work. Guttula argues that prevention through awareness is the only sustainable solution.

(The content above has been transcribed from video using a fine-tuned AI model. To ensure accuracy, quality, and editorial integrity, we employ a Human-In-The-Loop (HITL) process. While AI assists in creating the initial draft, our experienced editorial team carefully reviews, edits, and refines the content before publication. At The Federal, we combine the efficiency of AI with the expertise of human editors to deliver reliable and insightful journalism.)
