Amid Global Spyware and Fraud, India Surges Ahead With SIM-Binding Mandate to Regulate App-Based Communications

As global cyber agencies raise red flags over rampant spyware, sophisticated fraud networks and unchecked abuse on digital platforms, India has taken a decisive and pioneering step to secure its digital communication ecosystem. By mandating persistent SIM binding for app-based communication services, the Department of Telecommunications (DoT) has introduced a verified identity layer that significantly elevates national cyber defence. COAI has praised this move as both timely and visionary, positioning India at the forefront of digital security policy worldwide.

Around the world, the threat landscape continues to escalate. On 24 November 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a major alert — “Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications.” The advisory warned of “Guardian” spyware, a sophisticated tool that infiltrates messaging platforms via malicious links and compromises both Android and iOS devices. The spyware has been used globally, targeting human rights defenders, journalists, and everyday users, enabling large-scale data theft and surveillance.
While CISA urged users to adopt stronger communication safeguards, India moved one step ahead — implementing persistent SIM binding to harden device identity verification and dramatically reduce the attack surface for such malicious actors.

These threats are compounded by large-scale fraud proliferating across social media and communication platforms. A Reuters investigation exposed that a major social media company failed for at least three years to detect and block a deluge of fraudulent advertisements. These ads targeted billions of users with fake e-commerce schemes, online investment frauds, illegal betting platforms and banned medical products.
India’s SIM-binding directive directly counters this environment by ensuring that communication accounts remain anchored to verified SIM-linked identities — thereby creating accountability and helping curb platform misuse at scale.

Despite individual messaging platforms adopting anti-spam or anti-fraud policies, the effectiveness of such measures remains limited. One prominent service, for instance, has acted on only 2.5% of ban appeals, highlighting structural gaps in platform-level enforcement. Persistent SIM binding fills this gap by introducing a universal, cross-platform identity safeguard that does not rely on voluntary compliance or platform-level policing.

Adding to these concerns, the National Cybercrime Threat Analytics Unit under the Indian Cybercrime Coordination Centre (I4C) recently flagged a major transnational scam: fraudsters were exploiting fake social media advertisements to lure users into linking their messaging accounts through malicious QR codes. By leveraging the “linked devices” feature, attackers hijacked accounts and converted them into “mule accounts,” later rented out for fraud operations.
India’s new SIM-binding mandate neutralizes this vector entirely by ensuring that messaging sessions remain permanently tied to their original, verified SIM card — blocking remote account takeovers and rendering mule-account creation impossible.

In this evolving digital environment, persistent SIM binding emerges as a rational, futuristic and effective security intervention. It elevates India as the first country globally to formalize such a comprehensive identity-verification layer for app-based communications — a step that not only protects citizens but also strengthens the nation’s cybersecurity posture amid rising global threats.

“India has taken a rational and futuristic step forward in this context, and the Indian Telecom Industry is ready to offer whatever assistance necessary to the Government to prevent such scams and frauds from taking place.”
— Lt. Gen. Dr. S.P. Kochhar, Director General, COAI