New Delhi Pulls the Brakes on WhatsApp Usernames Over Fraud Fears
Meta says WhatsApp usernames are safeguarded against scams after India flags cybersecurity risks
The government has directed Meta to halt the rollout of its new username feature, citing concerns that it could fuel a surge in digital arrests and phishing scams across India.
For more than half a billion Indians, the blue icon of WhatsApp is the primary gateway to the digital world. But this week, a planned privacy upgrade—a feature intended to let users interact without sharing phone numbers—has hit a regulatory wall. The Ministry of Electronics and Information Technology has effectively paused the rollout, demanding a detailed explanation from Meta within three days. Officials fear that moving away from phone-number-based identification could lower the barrier for bad actors to impersonate legitimate users, potentially worsening an already alarming rise in cybercrime.
The Security vs. Privacy Tug-of-War
Meta had pitched the username feature as a "major privacy feature" designed to bolster user anonymity. However, the government’s reaction highlights a growing friction in policymaking: the constant tension between protecting individual privacy and maintaining public security. According to data cited by the administration, cybercrime incidents in India have more than doubled, jumping from 1 million cases in 2022 to nearly 2.3 million in 2024. For regulators, any tool that obscures identity is a potential vector for the "digital arrest" scams and phishing attacks that have plagued the country.
Industry analysts suggest the government’s caution is well-founded. With India serving as a primary target for global scam syndicates—trailing only the United States in frequency of attacks according to Meta’s own threat reports—the platform’s massive scale is a double-edged sword. Experts like Neil Shah of Counterpoint Research point out that if scammers can easily mirror familiar names and profile pictures under a new username system, the speed at which misinformation and fraudulent requests travel could become nearly impossible to contain.
Meta’s Defense
In response to the government’s directive, a Meta spokesperson clarified that the feature has not yet gone live and is intended for a gradual introduction later this year. The company insists it has baked safety directly into the architecture of the new usernames. These "multiple layers of defense" supposedly include blocking repeated attempts to guess usernames and using automated systems to flag and purge accounts that exhibit patterns of impersonation or abuse. Furthermore, Meta maintains that even with usernames, the underlying reliance on phone numbers for account registration remains a fundamental security anchor.
Why it matters
This standoff is symptomatic of a broader shift in New Delhi’s approach to Big Tech. While user privacy remains a key talking point, the sheer volume of financial fraud has pushed security to the top of the agenda. The government is signaling that convenience features—no matter how privacy-friendly—cannot come at the cost of public safety in a market of this size. For Meta, this is a test of its ability to satisfy Indian regulators who are no longer content with "trust us" assurances. The outcome here will likely set a precedent for how global platforms launch sensitive features in India, where the state is increasingly asserting its role as the ultimate gatekeeper of digital safety.
Arjun Mehta reports on government, policy and Parliament for PoliticalPedia, in English and Hindi.