analysis
Why India is concerned about WhatsApp usernames – and what it could mean for other countries
India has asked Meta to halt the rollout of WhatsApp usernames over fraud and impersonation concerns. Experts weigh the trade-offs between privacy, safety and regulation.
This illustration photograph shows the new upcoming Username feature on instant messaging software WhatsApp, displayed on a smartphone with the backdrop of India’s national flag. (Photo: Manan Vatsyayana/AFP)
New: You can now listen to articles.
This audio is generated by an AI tool.
Read a summary of this article on FAST.
Get bite-sized news via a new
cards interface. Give it a try.
Click here to return to FAST
Tap here to return to FAST
FAST
BENGALURU: WhatsApp’s new username feature is designed to give users more privacy. But in India, regulators worry it could also make scams harder to spot.
Just days after the phased rollout began, India directed Meta, WhatsApp’s parent company, to halt the feature’s rollout in the country and explain how it plans to prevent fraud and impersonation.
The company has until Jul 9 to respond, according to local media reports.
The feature lets WhatsApp users reserve a username that will eventually allow them to connect with others without sharing their phone number. Username reservations have begun rolling out globally ahead of the feature’s wider launch later this year.
Meta told CNA it has built safeguards against fraud and impersonation, including reserving usernames for public figures, government entities and verified Meta accounts, limiting new contacts, blocking username-guessing attempts and using automated systems to detect abusive or impersonating accounts.
The move makes India the first known government to formally challenge the feature, arguing it could make existing scams more convincing.
The Indian government also sought similar explanations from Telegram and Signal about their own username systems, according to a Reuters report.
Tanveer Hasan, executive director of the Centre for Internet and Society (CIS), an Indian digital policy think tank, told CNA that the Indian government’s concerns are justified because of WhatsApp’s reach.
World Population Review estimates that India had about 853.8 million WhatsApp users in 2026, making India WhatsApp’s largest market.
“The state is right in asking WhatsApp or any other firm to put the safety and dignity of its citizens over ease of business,” Hasan said.
Experts told CNA that India’s intervention will be closely watched by technology companies, digital rights groups and policymakers across the region. They said the questions India is raising about the feature are likely to resonate beyond its borders.
INDIA’S CONCERNS
India’s intervention comes against the backdrop of a sharp rise in cyber fraud, much of it driven by impersonation scams.
![]()
Guess Word
Crack the word, one row at a time
![]()
Buzzword
Create words using the given letters
![]()
Mini Sudoku
Tiny puzzle, mighty brain teaser
![]()
Mini Crossword
Small grid, big challenge
![]()
Word Search
Spot as many words as you can

According to data from India’s Ministry of Home Affairs, Indians lost 224.95 billion rupees (US$2.3 billion) to cyber fraud in 2025, with complaints rising by about 24 per cent year on year to 2.4 million.
More than three-quarters of these cyber-fraud losses came from investment scams, while fraudsters impersonating law enforcement and government authorities in so-called digital arrest scams to coerce victims into transferring money are the second-largest contributor.
“It could add more friction to the law enforcement process,” Andrei Skorobogatov, director of communications at the Global Anti-Scam Alliance (GASA) told CNA.
Although authorities can obtain the phone number linked to a username through legal requests, investigators would first need WhatsApp to identify the account, adding another step to an already time-sensitive process, he explained.
Unlike phone numbers, usernames can resemble trusted institutions or public figures, potentially making fraudulent messages appear more legitimate at first glance, said Vikas Kundu, threat intelligence researcher at CloudSEK, a digital risk monitoring platform.
“Right now, a suspicious phone number is often the victim’s first tripwire (an early-warning system),” Kundu told CNA.
“Hiding that number during the first interaction removes one of the easiest ways users currently verify who is contacting them.”
Kundu said usernames do not create new scam techniques, but could make existing approaches more persuasive.
He also pointed to what cybersecurity researchers call “namespace squatting”, where fraudsters register usernames resembling banks, government agencies or prominent individuals before legitimate entities can claim them.
“A phone number cannot impersonate a bank. A username can,” Kundu said.
Concerns over namespace squatting have already surfaced during WhatsApp’s early reservation phase.
Manish Sisodia, a senior leader of India’s opposition Aam Aadmi Party (AAP) and former deputy chief minister of Delhi, said multiple username combinations using his name and “AAP” had already been reserved.
In a post on X, he urged Meta to introduce verification and grievance mechanisms to prevent misuse of public identities and protect users from impersonation.
A TechCrunch report also found that usernames such as ‘rbi_verify’, which resembles a public institution like India’s central bank – the Reserve Bank of India (RBI) – could still be reserved.
Even usernames resembling prominent politicians, actors and businessmen in India were available to reserve, according to the report.
A preliminary check by CNA found that usernames such as ‘IndianCrimeOffice, ‘IndianOfficerCyberCriminal’ and ‘RBI_Inspector’ were available to reserve.
While these are not the exact official names of Indian law enforcement or regulatory authorities, they could potentially be used to deceive unsuspecting users.
“So the fairest framing is that researchers anticipated the threat, India’s fraud data made it urgent and the regulator simply intervened earlier in the product lifecycle than most of its peer countries would,” said Kundu.
EXPERTS DIVIDED ON INDIA’S MOVE
Other experts, however, argue the Indian government’s response risks going too far.
Independent tech policy researcher Prateek Waghre said usernames also solve a genuine privacy problem by allowing people to communicate without exposing their phone numbers.
Rather than preventing new features from launching, he said regulators should focus on improving digital literacy, strengthening cybercrime response and encouraging platforms to build effective safeguards.

Nikhil Pahwa, founder of MediaNama, questioned whether the government should intervene in product design without a clear legal basis.
He told CNA that WhatsApp’s implementation already includes several protections against impersonation, including reserved usernames, contextual warnings for first-time contacts and the absence of a public username search.
“The idea that the Indian government can try to stop the rollout of a product without having a legal basis reflects poorly on our government,” Pahwa told CNA. “It creates regulatory uncertainty for companies in an important market like India that is seeking foreign investment.”
WhatsApp maintains that the username feature is designed to enhance user privacy by allowing people to connect without revealing their phone numbers.
Unlike platforms such as Telegram, WhatsApp said users will not be able to search for usernames through a public directory.
To start a conversation, someone would need to know the person’s exact username and, if enabled, their username key – an optional secret code that users can choose to share only with trusted contacts.
CIS’ Hasan said these privacy features should not make it easier for bad actors to exploit anonymity. However, he pointed out that WhatsApp’s username key should be a default setting, rather than optional.
Skorobogatov of GASA said Meta would need to continuously monitor how criminals adapt to the feature after launch and work closely with law enforcement to respond quickly if abuse patterns emerge.
BEYOND INDIA
So far, India appears to be the only government that has formally asked WhatsApp to pause its username rollout over impersonation and fraud concerns.
But experts said the conversation is already attracting international attention.

“What is certain to happen is that this official action will have an impact that will be picked up by all stakeholders like Meta ESEAP (East, Southeast Asia and the Pacific) or Google Asia, non-government organisations, legal scholars, individual researchers and digital rights organisations,” said Hasan.
CloudSEK’s Kundu said that organised cybercrime syndicates based in countries such as Cambodia, Myanmar and Thailand are increasingly targeting victims across South and Southeast Asia through messaging platforms.
Meta disabled 150,000 accounts in a global sting on Southeast Asian scam centres in March this year, according to a South China Morning Post report.
In view of this, Kundu pointed out that India’s move is notable not because it identified a previously unknown threat, but because it chose to intervene before the feature was launched.
Experts said the real test will not be whether other countries adopt India’s regulatory approach, but whether platforms can quickly respond as criminals adapt to new features.
“There is a chance that existing scam tactics will be slightly amplified. WhatsApp says it is going to put in place a number of preventative mechanisms and will be proactively monitoring how this works and putting in additional measures if they don’t work, which is great to see,” said Skorobogatov.
Source: CNA/ss(cf)
Sign up for our newsletters

Get the CNA app
Stay updated with notifications for breaking news and our best stories
Get WhatsApp alerts
Join our channel for the top reads for the day on your preferred chat app

Get bite-sized news via a new
cards interface. Give it a try.
Click here to return to FAST
Tap here to return to FAST
FAST















