WhatsApp wants to hide your phone number. The Indian government just told them to freeze the entire plan.
On July 1, 2026, the Ministry of Electronics and Information Technology sent a direct notice to Meta's chief compliance officer. They gave WhatsApp exactly three days to explain itself. The government thinks hiding phone numbers behind custom handles will trigger an explosion of phishing, digital arrest scams, and sophisticated impersonation attacks.
It is a massive clash over what privacy actually means in modern communication. Meta calls it a major core privacy feature. The Indian government sees it as a shield for criminals.
The Anonymity Trap and the Ghost of Telegram
Tech companies love usernames. They look clean. They keep random people in a group chat from grabbing your personal digits. WhatsApp product vice president Alice Newton-Rex stated that the platform designed this specifically to plug a glaring privacy loophole. Right now, if you are in a massive group chat, any stranger can copy your number and text you. Usernames change that.
But government officials are terrified of anonymity. They just went through a brutal cycle with Telegram. The state blocked Telegram temporarily following leaks of national exam papers. A big reason the government targeted Telegram was its reliance on hidden numbers and custom usernames, which made tracking bad actors incredibly difficult. Though that ban was eventually lifted, the panic remains.
MeitY explicitly stated in its notice that usernames could materially increase online fraud. If a scammer pretends to be a state tax official or a police department using a clever lookalike handle, victims have no quick way to verify who they are talking to. The government believes cybersecurity must be built directly into the core design of an app. It cannot be treated as an afterthought when half a billion users are on the line.
How Meta Plans to Defend Its Privacy Pitch
WhatsApp is not backing down without an argument. The company argues that it built several layers of security to ensure the feature doesn't turn the app into a scammer paradise.
First, there is no global public directory. You cannot just open a search bar on WhatsApp, type a random name, and browse results. There are no automated suggestions either. If someone wants to message you for the first time via your username, they must know your exact spelling down to the character.
Second, Meta claims it already locked down high-profile handles. Names belonging to government entities, celebrities, public figures, and verified Meta accounts are permanently withheld. Lookalike derivatives meant to trick people are also frozen so bad actors cannot claim them.
The Security Layers You Haven't Heard About
The app is introducing a feature called a username key. Think of it as a secondary PIN. Even if a scammer guesses your exact username, they cannot send that initial message unless they also possess your specific key. You can reset this key at any moment, which immediately cuts off any new incoming spam.
When an unknown account messages you via a username, WhatsApp will flash a detailed context card. It will tell you:
- If the account is brand new.
- If you share any mutual group chats.
- Which country the account's underlying network registry originates from.
These indicators give you a clearer picture before you hit accept.
The Business Reality of BSUIDs
For companies using the WhatsApp Business API, the technical side is changing completely. When a user with a username messages a company, the company does not get a phone number. Instead, they receive a Business-Scoped User ID, or BSUID.
This ID is entirely unique to your specific interaction with that single business. If you message a clothing brand, they get one ID string. If you message a bank, the bank gets a completely different string. This prevents companies from trading your ID across different platforms to build a tracking profile on you. Meta started rolling out BSUIDs to partner webhooks earlier this year so developers could rebuild their customer service workflows. If your business infrastructure relies on scraping customer phone numbers from incoming chats to match them with a CRM database, your system will break the moment usernames go fully live.
What Happens Next for Your Account
The three-day ultimatum means Meta must show its full technical blueprint to Indian regulators immediately. This isn't the first time India has forced Meta's hand on infrastructure. The Department of Telecommunications previously forced compliance on strict SIM binding rules to ensure accounts match active physical cards.
If you already reserved your handle during the early reservation phase, your choice is safe for now but dormant. Do not expect to start giving out your username to skip sharing your phone number just yet. The rollout is paused until regulators are satisfied.
If you run an online business or manage client communication on WhatsApp, stop planning updates around phone number data collection. Start updating your systems to parse BSUID tokens. The era of universal phone number tracking is ending, even if the government delays the launch to tweak the safety features.
Watch this breakdown of the dispute to see exactly how the three-day notice alters Meta's immediate deployment timeline across India.