- Iranian authorities are pushing citizens to use a domestic messaging app to communicate with their families outside the country
- A security audit found Bale Messenger wasn’t safe; it lacks E2EE protection and shares sensitive users data with the app server
- Iran has been experiencing a near-total internet blackout since June 18, 2025, impacting citizens’ ability to communicate and access information
As Iran enters the fifth day of a near-total communication blackout, officials are reportedly encouraging citizens to turn to a domestic messaging app to stay in touch with their families outside the country.
Fars News Agency – which is managed by the Islamic Revolutionary Guard Corps – shared a tweet on Friday, June 20, saying that foreign users, as well as locals, can now use the Bale app to communicate with relatives and friends during the internet outage.
There’s a problem, though: security researchers have previously flagged Bale (or Baleh) Messenger as a state surveillance tool. Not only did they find that it lacked end-to-end encryption protections, but that it also has censorship and surveillance capabilities.
The risks of Bale Messenger
Reportedly developed by a company with ties to the National Bank of Iran, Bale (which means Yes in Persian) is an instant messaging application that includes voice-over-IP features, a social media platform, and even banking services.
Bale claims to use end-to-end encryption (E2EE) to ensure users chats remain private.
According to data coming from the Iranian Minister of Communications and Information Technology, Bale had 16.5 million monthly active users as of May 2023.
Considering its growing popularity, security researchers at the Open Technology Fund decided to verify the claims of Bale and two other Iranian messaging apps (Eitaa and Rubika) with a security audit. The tests were carried out in December 2023 and October 2024 and uncovered several privacy and security vulnerabilities.
Do you know?
Iranian authorities enforced heavy internet restrictions against popular Western apps following the country’s 2022 massive protests. This has likely led to a spike in usage of Bale and other Iran-developed applications.
For starters, auditors confirmed that all three apps employed different forms of client-server encryption, but none had E2EE protections enabled, despite government claims.
Specifically Bale was found using “one form of encryption that could be easily reversed in the context of encrypting a user’s credit card data” according to the audit.
All apps could reportedly exchange messages with each other, too, through a backend process called Message Exchange Bus (MXB), which auditors confirmed was a state-owned service.
This meant that the app server “could potentially view plaintext messages due to the lack of E2EE in any of the apps”.
Researchers also found evidence of “unexpected transmission of private data”.
Crucially, when users click on URLs shared via messages, they appear to be redirected to the application’s backend server.
“This would effectively allow the servers to monitor which websites are viewed by users within the app,” researchers explained, deeming the tactic “a mechanism for censorship and surveillance”.
The Bale app was also found to share users location data with the app server during authentication.
What experts are saying
Researchers at the Open Technology Fund concluded their security audit by suggesting opting for more secure messaging apps that actually employ E2EE. These include Signal (which also offers anti-censorship proxy servers), Session, and Wire.
Iranian Information Security Analyst and women’s rights advocate Azam Jangrevi also raised concerns following Friday’s statement from the Iranian authorities.
Iran’s regime has cut internet access, leaving millions disconnected from loved ones abroad. Officials push the “Baleh” app,long flagged by activists as insecure and a tool for state surveillance. #InternetFreedom #Iran #war #IranIsraelConflict pic.twitter.com/3mbuTogCdsJune 20, 2025
Jangrevi told TechRadar: “The app, tied to the National Bank of Iran, has raised red flags due to potential spyware embedded within its code. Key concerns include unauthorized surveillance, remote device access, and metadata collection especially targeting individuals with political or social influence.
“With those risks, analysts urge citizens to avoid Baleh for sensitive communication. Instead, they suggest turning to encrypted services like Signal or WhatsApp (via secure VPNs), though connection quality varies.”
Iran’s internet blackout
Iran has been suffering a near-total internet blackout since June 18, 2025, impacting citizens’ ability to communicate and access information.
Internet connectivity was briefly restored on Saturday (June 21) “when residents could exchange messages with the outside world,” internet watchdog NetBlocks reported, before collapsing again in the evening.
The latest data from Sunday (see image above) shows that the country remains largely “offline.”
“At 72 hours, diminished telecoms continue to impact the public’s ability to stay informed and in touch with loved ones,” NetBlocks noted.
It’s in this context that Iranians were also asked to delete WhatsApp from their smartphones, with officials fearing the app may be used as a source of strategic information for its opponent in the current conflict.
A series of government-imposed restrictions also began on June 13 and sparked a surge of VPN demand across Iran that reached peaks of over 700% increase.
Authorities, however, appear to be targeting VPN usage with some of the best VPN apps now reportedly not working at all times.
Leave a comment