In the age of social media, WhatsApp is considered one of the more intimate platforms, used largely by people to connect with those close to them. It remains one of the most accessible and popular apps for staying in touch with contacts.
While the platform is constantly updating itself and introducing new features, its recent username update is being positioned as a step towards greater privacy. The update aims to reduce reliance on phone numbers and introduce usernames instead.
The process for users to choose their usernames had already started and was expected to be completed by the end of the year. However, the rollout has since been put on hold in India after the Union government directed Meta not to introduce the feature until consultations are completed, citing concerns over impersonation, phishing and online fraud.
The update also includes provisions for business owners and influencers to maintain a consistent online presence, as well as options for people to link their WhatsApp usernames to other Meta accounts.
Concerns over impersonation
Following the announcement, users have taken to online platforms to discuss how the update could affect cybersecurity and whether it could increase the possibility of scams on WhatsApp.
One widely shared post on X was by entrepreneur and author Ankur Warikoo, who said people could create alternate usernames resembling those of influential people and use them to demand money or conduct scams. He wrote that in a country such as India, such an update could be a disaster, especially if WhatsApp does not set up the right anti-abuse systems.
Warikoo also said most people do not understand verified status. In such a case, he said, identity cannot be verified by calling the phone number because, with usernames, privacy becomes the point of the feature.
YouTuber Dhruv Rathee also commented on the matter, saying platforms such as Meta do not care enough about safety. He also shared a Reuters article on Meta earning revenue through fraudulent advertisements.
Other users raised similar concerns. X user Dhani Gujar wrote, “WhatsApp username feature has been introduced in the name of privacy, but in a country like India, it could become a haven for scammers.”
Gujar said India had “850 million users, mostly ordinary people”, and that messages soliciting money from accounts using fake usernames could start flooding in. Earlier, users could verify identities or make phone calls using phone numbers, Gujar said, adding that with usernames, “that safeguard will now be lost”.
“WhatsApp should first implement robust verification and reporting systems and anti-impersonation tools. Otherwise, WhatsApp risks becoming a hub for scams, just like Telegram. Privacy is important, but it shouldn’t come at the cost of safety,” Gujar wrote.
Users flag privacy risks
Users have also flagged concerns on platforms such as Reddit. One user asked, “As we all know, there is a new WhatsApp username feature where we can add our username. Mostly everyone uses their own Instagram username. So, I just have a doubt that if some unknown person can contact me from my Instagram to my WhatsApp using this username feature, where my username is used for both, isn’t that concerning?”
Another Reddit user posted screenshots showing they had kept their username as ‘narendra.modi’. The post highlighted how easily certain usernames can be claimed and how this can raise cybersecurity concerns.
Several experts have also spoken on the matter.
“If WhatsApp switches from phone numbers to usernames, then hacking and scam possibilities will increase very easily. In India, not only youngsters but also middle-aged and elderly people use WhatsApp regularly, and many of them are not very tech-friendly,” said Chetanya Khattar, a senior trainer at the Delhi School of Skill Development.
Khattar said users may trust a person immediately if they see the name and profile picture of a relative. “So, if somebody copies a relative’s display picture and name and asks for money or help, people can be convinced very easily. Through this, the chances of scams and data breaches become very high,” he said.
He added that “India provides some of the cheapest internet in the world”, which has led to a massive user base and high mobile usage. “Because of all these factors together, the possibility of scams automatically becomes much higher,” he said.
Elderly at greater risk
Meta has also introduced a setting that lets people set unique keys on WhatsApp, so only those who know the key can contact the account. This is intended to prevent users from being spammed or contacted against their wishes. However, such settings are still not widely known or easily understood by elderly users or those who are not technically confident.
The Chief Executive Officer of Threat ResQ Technologies also said older users are at greater risk of being scammed. He said younger users may be more aware of who is trying to contact them, while older generations could struggle if the WhatsApp interface changes significantly.
“Many people above the age of 40 already struggle with understanding digital platforms and online settings. For them, learning and managing features like usernames, keys, and privacy settings can become very difficult, which may leave them more exposed to scams,” he said.
Adding to this, Shivam Kumar, a cybersecurity expert from Veridical Technology, said the responsibility lies with Meta to create an interface that is easy for all users to understand.
Kumar said technology is constantly changing, and such updates cannot be resisted altogether. “The responsibility here is on Meta to make it simple, enable safe settings by default, and educate users properly. We can’t expect messaging apps to rely on phone numbers forever just because that’s what we’ve always used,” he said.
Police workload
The update could also affect cybercrime investigations in India. Sub-Inspector Naresh Kumar said the Cyber Cell has expressed concerns to the government over the impact such policies could have on crime investigation.
“Previously, if any WhatsApp number were found, the police department would trace it on its own. If the username system is put in place, the Cyber Cell will have to take part in every investigation to determine who the account belonged to. This increases our workload significantly,” he said.
Kumar added that there are already many cases of mistaken identity online, and such an update could exacerbate the problem.
