- Iranian authorities are pressing citizens to use a national messaging application to communicate with their families outside the country.
- A security audit found that Bale Messenger was not safe: it lacks E2EE protection and shares confidential user data with the application server.
- Iran has been experiencing an almost total Internet blackout since June 18, 2025, impacting the ability of citizens to communicate and access information.
As Iran enters the fifth day of an almost total communication blackout, officials are encouraging citizens to resort to a national messaging application to keep in touch with their families outside the country.
The Fars news agency, which is administered by the Islamic Revolutionary Guard Corps, shared a tweet on Friday, June 20, saying that foreign users, as well as locals, can now use the Bale application to communicate with family and friends during the Internet interruption.
However, there is a problem: security researchers have previously flagged the Bale (or Baleh) messenger as a state surveillance tool. Not only was it found to lack end-to-end encryption protections, but it also has censorship and surveillance capabilities.
Bale Messenger’s risks
Reportedly developed by a company with links to the National Bank of Iran, Bale (which means "yes" in Persian) is an instant messaging application that includes voice features, a social media platform and even banking services.
Bale claims to use end-to-end encryption (E2EE) to ensure that users’ chats remain private.
According to the data from the Minister of Communications and Information Technology of Iran, Bale had 16.5 million monthly active users as of May 2023.
Given the apps' growing popularity, security researchers at the Open Technology Fund decided to verify the claims made by Bale and two other Iranian messaging applications (Eitaa and Rubika) with a security audit. The tests were carried out in December 2023 and October 2024 and uncovered several privacy and security vulnerabilities.
Did you know?
Iranian authorities enforced strong Internet restrictions against popular Western applications after the 2022 mass protests in the country. This has probably led to an increase in the use of Bale and other applications developed in Iran.
To begin with, the auditors confirmed that the three applications used different forms of client-to-server encryption, but none had E2EE protections enabled, despite government claims.
Specifically, Bale was found to use “an encryption form that could be easily reversed in the context of encrypting a user’s credit card data,” according to the audit.
According to reports, all three applications could also exchange messages with each other through a backend process called Message Exchange Bus (MXB), which the auditors confirmed was a state service.
This meant that the application server “could see text messages without format due to the lack of E2EE in any of the applications.”
The researchers also found evidence of “unexpected transmission of private data.”
Crucially, when users click on URLs shared through messages, they appear to be redirected through the application's back end.
“This would effectively allow servers to monitor which websites are seen by users within the application,” the researchers explained, considering the tactic “a mechanism for censorship and surveillance.”
It was also found that the Bale application shared user location data with the application server during authentication.
What experts say
Open Technology Fund researchers concluded their security audit by suggesting safer messaging applications that really do use E2EE. These include Signal (which also offers an anti-censorship proxy), Session and Wire.
Iranian information security analyst and women’s rights advocate Azam Jangrevi also raised concerns after the Iranian authorities' Friday statement.
The Iran regime has reduced Internet access, leaving millions disconnected from loved ones abroad. The officials press the “Baleh” application, marked by activists as insecure and a tool for state surveillance. #InternetFREEDOM #IAN #WAR #iRANISRAELCONFLT Pic.twitter.com/3mbutogcds (June 20, 2025)
Jangrevi told TechRadar: “The application, linked to the National Bank of Iran, has raised red flags due to the potential for integrated spyware within its code.
“With these risks, analysts urge citizens to avoid Baleh for sensitive communication. Instead, they suggest resorting to encrypted services such as Signal or WhatsApp (through a secure VPN), although the quality of the connection varies.”
Iran Internet Blackout
Iran has been suffering an almost total Internet blackout since June 18, 2025, which is impacting the ability of citizens to communicate and access information.
Internet connectivity was briefly restored on Saturday (June 21) “when residents could exchange messages with the outside world,” Internet monitoring group NetBlocks reported, before collapsing again at night.
The latest data on Sunday (see image above) show that the country is still largely “offline”.
“At 72 hours, decreased telecommunications continue to impact the public’s ability to stay informed and in contact with their loved ones,” NetBlocks said.
It is in this context that Iranians were also asked to delete WhatsApp from their smartphones, with officials fearing that the application could be used as a source of strategic information for their opponent in the current conflict.
A series of restrictions imposed by the Government also began on June 13 and caused a surge in VPN demand in Iran, peaking at an increase of more than 700%.
However, the authorities seem to be targeting VPN use, with some of the best VPN applications now not working at all times.