TZUTC: -0500   
   MSGID: 1209.consprcy@1:2320/105 2cc68680   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Iran encourages citizens to use a messaging app previously flagged as a state   
   surveillance tool   
      
   Date:   
   Mon, 23 Jun 2025 16:13:59 +0000   
      
   Description:   
   Iran-developed application, Bale Messenger was found to lack end-to-end   
   encryption and share users' sensitive data with the app server. Experts warn   
   against their use.   
      
   FULL STORY   
      
   As Iran enters the fifth day of a near-total communication blackout,    
   officials are reportedly encouraging citizens to turn to a domestic messaging   
   app to stay in touch with their families outside the country.    
      
   Fars News Agency  which is managed by the Islamic Revolutionary Guard Corps   
   shared a tweet on Friday, June 20, saying that foreign users, as well as   
   locals, can now use the Bale app to communicate with relatives and friends   
   during the internet outage.    
      
   There's a problem, though: security researchers have previously flagged Bale   
   (or Baleh) Messenger as a state surveillance tool. Not only did they find    
   that it lacked end-to-end encryption protections, but that it also has   
   censorship and surveillance capabilities.   
      
   The risks of Bale Messenger   
      
   Reportedly developed by a company with ties to the National Bank of Iran,    
   Bale (which means Yes in Persian) is an instant messaging application that   
   includes voice-over-IP features, a social media platform, and even banking   
   services.    
      
   Bale claims to use end-to-end encryption (E2EE) to ensure users chats remain   
   private.    
      
   According to data coming from the Iranian Minister of Communications and   
   Information Technology, Bale had 16.5 million monthly active users as of May   
   2023.    
      
   Considering its growing popularity, security researchers at the Open   
   Technology Fund decided to verify the claims of Bale and two other Iranian   
   messaging apps (Eitaa and Rubika) with a security audit . The tests were   
   carried out in December 2023 and October 2024 and uncovered several privacy   
   and security vulnerabilities.   
      
   Do you know?   
      
   Iranian authorities enforced heavy internet restrictions   
   against popular Western apps following the country's 2022 massive protests .   
   This has likely led to a spike in usage of Bale and other Iran-developed   
   applications.    
      
   For starters, auditors confirmed that all three apps employed different forms   
   of client-server encryption, but none had E2EE protections enabled, despite   
   government claims.    
      
   Specifically Bale was found using "one form of encryption that could be    
   easily reversed in the context of encrypting a users credit card data"   
   according to the audit.    
      
   All apps could reportedly exchange messages with each other, too, through a   
   backend process called Message Exchange Bus (MXB), which auditors confirmed   
   was a state-owned service.    
      
   This meant that the app server "could potentially view plaintext messages due   
   to the lack of E2EE in any of the apps".    
      
   Researchers also found evidence of "unexpected transmission of private data".    
      
   Crucially, when users click on URLs shared via messages, they appear to be   
   redirected to the applications backend server.    
      
   "This would effectively allow the servers to monitor which websites are    
   viewed by users within the app," researchers explained, deeming the tactic "a   
   mechanism for censorship and surveillance".    
      
   The Bale app was also found to share users location data with the app server   
   during authentication.   
      
   What experts are saying    
      
   Researchers at the Open Technology Fund concluded their security audit by   
   suggesting opting for more secure messaging apps that actually employ E2EE.   
   These include Signal (which also offers anti-censorship proxy servers ),   
   Session, and Wire.    
      
   Iranian Information Security Analyst and womens rights advocate Azam Jangrevi   
   also raised concerns following Friday's statement from the Iranian   
   authorities. Iran's regime has cut internet access, leaving millions   
   disconnected from loved ones abroad. Officials push the "Baleh" app,long   
   flagged by activists as insecure and a tool for state surveillance.   
      
   Jangrevi told TechRadar: "The app, tied to the National Bank of Iran, has   
   raised red flags due to potential spyware embedded within its code. Key   
   concerns include unauthorized surveillance, remote device access, and    
   metadata collection especially targeting individuals with political or social   
   influence.    
      
   "With those risks, analysts urge citizens to avoid Baleh for sensitive   
   communication. Instead, they suggest turning to encrypted services like    
   Signal or WhatsApp (via secure VPNs ), though connection quality varies."   
      
   Iran's internet blackout   
      
   Iran has been suffering a near-total internet blackout since June 18, 2025,   
   impacting citizens' ability to communicate and access information.    
      
   Internet connectivity was briefly restored on Saturday (June 21) "when   
   residents could exchange messages with the outside world," internet watchdog   
   NetBlocks reported , before collapsing again in the evening.    
      
   The latest data from Sunday (see image above) shows that the country remains   
   largely "offline."    
      
   "At 72 hours, diminished telecoms continue to impact the public's ability to   
   stay informed and in touch with loved ones," NetBlocks noted .    
      
   It's in this context that Iranians were also asked to delete WhatsApp from   
   their smartphones, with officials fearing the app may be used as a source of   
   strategic information for its opponent in the current conflict.    
      
   A series of government-imposed restrictions also began on June 13 and sparked   
   a surge of VPN demand across Iran that reached peaks of over 700% increase.    
      
   Authorities, however, appear to be targeting VPN usage with some of the best   
   VPN apps now reportedly not working at all times.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/vpn/vpn-privacy-security/iran-encourages-citizens-to   
   -use-a-messaging-app-previously-flagged-as-a-state-surveillance-tool   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428   
   SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200   
   SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426