The Department of Telecommunications has told these apps that within the next 90 days, they must make sure their services work only when the correct SIM card is in the phone. If you remove that SIM, the app should stop working. This is known as SIM binding.
- Continuous SIM presence: Apps must check regularly whether the original SIM card is still inserted in your phone. If not, the app must automatically stop working until you insert the correct SIM again.
- Web access restrictions: If you use WhatsApp Web or similar web versions, the government wants you to get logged out automatically every six hours. To log in again, you will have to scan a QR code with the app. This is to ensure the device and user are genuine.
People who use these apps on secondary devices without a SIM, or those who keep their SIM in one phone but use the app on another, may face interruptions
I don’t even see the point of this:
- Surveillance?
- Some Incoming telecom plan change which will require you to have a special plan for using Messengers because no one uses SMS and don’t bother to have an SMS plan? so telecom networks can make some more money?
Sheer uselessness. It will do as much to reduce fraud as the UK law has done to reduce porn content for non adults. What it will mean is that people with multiple SIM, will need to have an always active plan on that number, something telecoms will really like.
Also, it essentially means the death knell for WhatsApp Web (in India) because as stated in article, who wants to log in every SIX hours.
Surveillance, yes. By forcing you to maintain control of a physical token they can more easily associate you with the account.
Charitable explanation: by allowing people to use WhatsApp/signal etc without holding onto the sim card, it opens them up to risk that someone else gains control of the phone number, and can then take over that account.
But that doesnt really require that the number stays in the same phone, just under the same persons control. Periodic SMS code check-in would be sufficient.
If a phone gets stolen, you can easily file a complaint, get that sim deactivated and a replacement within an hour. Put it in another phone and logout of any accounts from the stolen phone. If the stolen phone has a lock, then it is pretty difficult for a random thief to extract the data from the phone.
Source: My phone was stolen in 2014 and had my brother’s phone number in it who was in another country. My parents lodged a complaint the next day, deactivated the sim and got a replacement in 3 hours. My phone didn’t have a lock but thankfully I did not have any sensitive data on it and I reset my google account password ASAP after I lost it and logged out of all devices. I still use all the important accounts that were on that phone till this date.
So I doubt the new measures will be any useful given that you already need to verify your govt id and biometrics to get a phono number in the first place.
I’m more thinking along the lines of getting a cheap sim, signing up for signal and them letting the plan lapse and the number is released for use again. And then someone buys a new plan, but gets the recycled number. Not sure how realistic that is as a risk vector though.
But I don’t think it would make any difference. What would actually secure the account is the internal account password which both Signal and Whatsapp already have.
If you hold the number it can’t get recycled into distribution. Signal does fall back to MFA codes over SMS from memory (I’ve recovered the signal account for my grandma, as I own the number), so anyone who controls the number controls the account.
What can you really do when your phone number automatically gets blocked when calling and people will automatically assume you are sketchy when they hear your accent.
And I follow tons of Indian academic content, they tend to explain really difficult concept really easily. I even understand their language so theres that.
On the positive side, it may be to reduce telecommunications fraud
I doubt because to get a phone number in India you already need to provide and verify your government id and biometrics. Without it even the vendor can’t hit next button to allocate the phone number.
