- Iranian authorities are pushing citizens to use a domestic announcement app to communicate with their families outside the country
- A security audit found that Bale Messenger was not safe; It lacks E2EE protection and shares sensitive user data with the app server
- Iran has experienced an almost total Internet darkness since June 18, 2025, which has an impact on citizens’ ability to communicate and access information
As Iran embarks on the fifth day of an almost total communication interruption, officials allegedly urge citizens to turn to a domestic announcement app to keep in touch with their families outside the country.
Father’s News Agency – which is administered by the Islamic Revolutionary Guard Corps – shared a tweet on Friday, June 20 and said that foreign users as well as the locals can now use the Bale app to communicate with family and friends under internet stops.
However, there is a problem: Security researchers have previously marked Bale (or Baleh) Messenger as a state monitoring tool. Not only did they find that it lacked end-to-end encryption protection, but that it also has censorship and monitoring ability.
The risk of Bale Messenger
Reportedly developed by a company with ties to the National Bank of Iran, Bale (meaning YES in Persian) is an instant messaging application that includes voice-over-IP features, a social media platform and even bank services.
Bale claims to use end-to-end encryption (E2EEE) to make sure users are chatting remain private.
According to data from the Iranian Minister of Communication and Information Technology, Bale had 16.5 million active users monthly from May 2023.
Given its growing popularity, security researchers at Open Technology Fund decided to verify the claims of Bale and two other Iranian Messaging -apps (EITAA and RUBIKA) with a security audit. The tests were performed in December 2023 and October 2024 and revealed several privacy and safety wounds.
Do you know?
Iranian authorities enforced heavy Internet restrictions against popular Western apps following the country’s 2022 massive protests. This has probably led to an increase in the use of Bale and other Iran-developed applications.
To begin with, auditors confirmed that all three apps used different types of client server encryption, but no one had E2EE protection activated despite the government’s claims.
Specifically, Bale was found using “a form of encryption that could easily be reversed in encrypting a user’s credit card data” according to the audit.
All apps could allegedly exchange messages with each other also through a backend process called Message Exchange Bus (MXB), which auditors confirmed was a state-owned service.
This meant that the app server “potentially see plaintext messages due to the lack of E2EE in any of the apps”.
Researchers also found evidence of “unexpected transmission of private data”.
Of crucial importance when users click URLs shared via messages, they appear to be redirected to the application’s backend server.
“This would effectively allow the servers to monitor which sites are seen by users in the app,” researchers explained, and considered the tactics “a mechanism for censorship and monitoring”.
The Bale app also turned out to share users’ location data with the app server while approving.
Which experts say
Researchers at Open Technology Fund concluded their security audit by suggesting choosing safer messaging apps that actually use E2EE. These include signal (which also offers proxy servers against censorship)), session and thread.
Iranian information security analyst and women’s rights lawyer Azam Jangrevi also raised concerns after Friday’s statement from the Iranian authorities.
Iran’s regime has cut internet access, leaving millions interrupted from loved ones abroad. Officials push the “Baleh” app, long marked by activists as uncertain and a tool for state monitoring. #Internetfreedom #iran #war #iranisraelConflict pic.twitter.com/3MButogcdsJune 20, 2025
Jangrevi said to Techradar: “The app tied to the National Bank of Iran has raised red flags due to potential spyware embedded in its code. Key problems include unauthorized monitoring, access to remote unit and metadata collection, especially targeted at people with political or social influence.
“With these risks, analysts encourage citizens to avoid Baleh for sensitive communication. Instead, they suggest turning to encrypted services such as signal or WhatsApp (via safe VPNs), although the connection quality varies.”
Iran’s Internet Blackout
Iran has suffered an almost total internet blackout since June 18, 2025, which has an impact on citizens’ ability to communicate and access information.
Internet connection was briefly restored on Saturday (June 21) “as residents could exchange messages with the outside world, internet watchdog reported Netblocks before collapsing again in the evening.
The latest data from Sunday (see picture above) shows that the country remains largely “offline.”
“For 72 hours, diminished telecommunications still affect the public’s ability to stay informed and in contact with loved ones,” Netblocks noted.
It is in this context that Iranians were also asked to delete WhatsApp from their smartphones, with officials who fear that the app can be used as a source of strategic information for its opponent in the current conflict.
A number of state imposed restrictions also began on June 13 and triggered an increase in VPN demand over Iran, reaching tops of over 700% increase.
However, the authorities seem to target VPN use with some of the best VPN apps that now reportedly do not work at all times.
