New Delhi [India], December 10 : The Cellular Operators Association of India (COAI) has welcomed the Government of India's recent directive mandating SIM-binding for app-based communication services, asserting that the move is a necessary security safeguard that will not compromise user convenience or privacy.
However, the Association highlighted some of the misconceptions circulated regarding SIM-binding requirements for App based communication services.
It emphasized that SIM-binding is already widely used across digital authentication systems such as UPI and payments applications.
According to COAI, the mechanism only requires the SIM to be present and active in the device not necessarily connected to mobile data making it practical even for international travellers.
COAI dismissed concerns that SIM-binding would inconvenience users abroad or those with single-SIM devices.
It said keeping the Indian SIM in a secondary slot allows seamless use of communication apps over Wi-Fi or with a local SIM card.
The association underscored that the requirement is intentional and essential, aimed at preventing misuse of communication platforms by fraudsters or non-state actors operating from outside India. Binding the app to the subscriber's Indian SIM, COAI said, provides crucial traceability and limits opportunities for unverified or untraceable accounts.
"Concerns about privacy are similarly misplaced. SIM-binding does not require any expanded data collection by App based communication services and does not create new metadata categories. It simply ensures that the SIM linked to a user's identity is present during periodic authentication events, mirroring the widely accepted UPI model. This enhances security without intruding on user privacy," COAI said in a statement.
On the criticism of the six-hour reauthentication requirement, particularly for laptop and tablet users, COAI argued that such time-bound logins are widely adopted in identity-sensitive digital ecosystems, including banking platforms, DigiLocker and VPNs.
"High-value systems including banking portals, DigiLocker, Aadhaar and VPNs enforce far stricter session expiry norms. Smartphones remain logged in through cryptographic anchoring, while laptops and browsers being multi-user and higher-risk undergo periodic authentication to ensure accountable access," it added.
The association clarified that enterprise messaging systems, CRM flows, APIs and other business tools will continue to function normally. SIM-binding, it noted, applies at the user account level, ensuring each account corresponds to a verified SIM, without altering backend business processes.