The Indian government has paused the rollout of a new WhatsApp username feature following concerns over potential fraud and impersonation.

This move highlights the tension between Meta's drive for user privacy and the regulatory challenges of preventing digital scams in a massive, mobile-first economy. Because the feature changes how users are identified, officials fear it could create new vulnerabilities for social engineering attacks.

Meta introduced the optional username feature to allow users to be identified by a chosen handle rather than a phone number. The company said the tool is intended to improve privacy by hiding personal digits and to enable better monetization through integration with Facebook and Instagram [1, 3]. The feature is slated for 2026 [4].

However, the Indian government has raised questions regarding how the system prevents bad actors from mimicking legitimate entities or individuals. While Meta said usernames are not searchable and the feature remains optional [2], critics argue the system remains vulnerable. Ankur Warikoo, an Indian entrepreneur, said the change "could be a disaster in India" [3].

Concerns also extend to the reservation of handles. Bipin Preet Singh, CEO of MobiKwik, said, "Several variations of my name were already reserved during WhatsApp's early username reservation process" [1]. This suggests that impersonators could secure handles belonging to public figures or business leaders before the actual users can claim them.

Security experts have warned that the feature opens a new vector for impersonation scams, particularly in a market that currently lacks a strong, comprehensive data-privacy law [1, 3]. The government is currently seeking further clarification from Meta on the safety mechanisms embedded in the rollout before the feature can proceed.

Could be a disaster in India.

The clash between Meta and the Indian government underscores a broader global struggle to balance anonymity with accountability. While usernames protect privacy by masking phone numbers, they remove a primary layer of verification that users rely on to confirm identities. In a landscape prone to high-volume phishing and financial scams, the Indian government is signaling that safety and identity verification take precedence over the platform's desire for a more social-media-like architecture.