---
title: "India Orders WhatsApp to Pause Username Rollout"
date: 2026-07-02
author: "Sofia Ramirez"
featured_image: "https://sqmagazine.co.uk/wp-content/uploads/2026/07/india-orders-whatsapp-to-pause-username-rollout.jpg"
categories:
  - name: "Cybersecurity"
    url: "/cybersecurity.md"
tags:
  - name: "News"
    url: "/tag/news.md"
---

# India Orders WhatsApp to Pause Username Rollout

On July 1, 2026, WhatsApp received a formal notice from India’s Ministry of Electronics and Information Technology, asking it to temporarily halt its new username feature while it explains the feature’s fraud risks.

## Key Takeaways

- MeitY’s notice warns the feature “may materially increase the incidence of online fraud, phishing, digital arrest scams and impersonation attacks.”
- The username feature would let users message contacts without sharing their phone number, similar to Telegram and Signal, per WhatsApp’s own feature design.
- TechCrunch’s testing found that testers could still reserve lookalike usernames referencing Prime Minister Narendra Modi, Bollywood actors, and the Reserve Bank of India during the rollout window.
- The ministry has demanded explanations from Meta before allowing the feature to roll out further.
- Digital rights groups, including the Internet Freedom Foundation, criticized the government’s case-by-case regulatory approach as opaque and overly discretionary.

## What Happened?

WhatsApp had planned to [release the username capability](https://sqmagazine.co.uk/whatsapp-username-reservations/) in the coming months before the government intervened. MeitY’s notice argued that letting strangers make contact through a username, rather than a verified phone number, could let “**bad actors to solicit and message victims,**” opening new channels for scams. India’s **Ministry of Electronics and Information Technology**, the federal body that regulates the country’s IT and digital-platform rules, oversees compliance requirements for messaging apps operating at WhatsApp’s scale in the country.

That pre-launch posture is the story. MeitY is treating an unshipped product change as a live consumer-protection question, and setting a precedent for how Indian regulators intend to engage messaging platforms operating at national scale. The notice does not amount to a ban; it is a demand for explanation before the rollout widens.

> ⛔ WHATSAPP USERNAME FEATURE ON HOLD IN INDIA  
>   
> MeitY has reportedly asked Meta to pause the WhatsApp Username rollout.  
>   
> Reason?  
>   
> • Concerns over digital arrest scams  
> • Phishing attacks  
> • Identity fraud  
>   
> Meta says the feature isn’t live yet, government/celebrity usernames are… [pic.twitter.com/55gMdCg3G2](https://t.co/55gMdCg3G2)
> 
> — Crypto Aman (@cryptoamanclub) [July 2, 2026](https://x.com/cryptoamanclub/status/2072532661047095454?ref_src=twsrc%5Etfw)

 ## Reserved Names, Real Risk

TechCrunch’s testing found that usernames mimicking Modi, well-known Bollywood actors, and the RBI were still available to claim while the feature was in testing. [Meta](https://sqmagazine.co.uk/meta-statistics/) said it reserves usernames tied to public figures and government entities, but the company would not detail which lookalike handles actually receive that proactive protection. That gap between Meta’s stated policy and what researchers could still register is the crux of MeitY’s concern, and it is the detail secondary coverage of the notice alone would have missed.

Meta’s plan lets users carry over existing [Instagram](https://sqmagazine.co.uk/instagram-demographics-statistics/) and Facebook usernames onto WhatsApp, which gives identity consistency across its apps and could help reduce fraud risk for accounts with an established handle history. That same carryover, however, does nothing to stop a first-time WhatsApp user from registering a fresh handle designed to look like someone else’s. The reservable-lookalike gap is what shifts the conversation from a product debate to a regulatory one, and it is the pivot on which the government’s next move, and the sharpest criticism of how MeitY is making that move, both turn.

## The Opacity Pushback

The **Internet Freedom Foundation**, a digital rights group, argued that MeitY’s practice of issuing case-by-case notices rather than clear published rules hands the ministry broad, largely unchecked discretion over platform features. The criticism cuts against the government’s own framing: a notice justified as consumer protection can also function as an informal veto power over how a platform ships product changes, with no public criteria for what triggers it.

Security researcher **Rachel Tobac** of SocialProof Security noted the underlying tension directly: usernames reduce how much a caller’s phone number gets exposed, but that same distance from a verified number is what makes similar-sounding handles easier to weaponize for impersonation.

Verified-identity friction, in other words, is doing double duty as both a privacy feature and a fraud control, and tightening one side can loosen the other. That tradeoff is not unique to [WhatsApp](https://sqmagazine.co.uk/whatsapp-statistics/); it echoes the same pseudonymity-versus-verification debate playing out across account takeover and impersonation scams industry-wide.

## SQ Magazine’s Takeaway

This notice reads less like a ban and more like a compliance stress test. MeitY is asking Meta to prove its impersonation safeguards work before a billion-plus-user rollout, not after. The reserved-name gap TechCrunch surfaced, real names still claimable mid-testing, is the strongest evidence the ministry has that Meta’s public-figure protections are inconsistently applied, and it is a stronger argument than the notice’s boilerplate fraud language alone.

**Username-based messaging** can help reduce a user’s exposure to phone-number harvesting, but it does not by itself prevent impersonation, and platforms that roll out pseudonymous identity features without a transparent verification standard should expect regulators to intervene before launch rather than after the first scam report. The Internet Freedom Foundation’s opacity complaint is a fair one, but it does not resolve the more immediate question: whether Meta can show, publicly, which names its systems actually protect.

For security teams watching how identity-verification standards evolve at platform scale, this notice is worth tracking beyond the India headline. The questions MeitY is asking about reserved names, verification thresholds, and pre-launch disclosure are the same questions every regulator eyeing pseudonymous messaging features will ask next.