- Iranian authorities push citizens to use a domestic messaging application to communicate with their families outside the country
- A security audit revealed that Bale Messenger was not safe; E2EE protection is lacking and shares sensitive user data with the application server
- Iran has experienced an almost total internet breakdown since June 18, 2025, which has an impact on citizens’ ability to communicate and access information
While Iran is entering the fifth day of an almost total communication failure, officials would encourage citizens to turn to a domestic messaging application to stay in touch with their families outside the country.
The FARS press agency – managed by the Islamic revolutionary body body – shared a tweet on Friday June 20, saying that foreign users, as well as residents, can now use the BALE application to communicate with parents and friends during the Internet failure.
There is a problem, however: security researchers previously reported Bale (or Baleh) Messenger as a state monitoring tool. Not only did they find that it was lacking in end -to -end encryption protection, but that it also has censorship and surveillance capacities.
The risks of Bale Messenger
It would seem to be developed by a company with links with the National Bank of Iran, Bale (which means yes in Persian) is an instant messaging application which includes counter-IP voice, a social media platform and even banking services.
Bale claims to use end -to -end encryption (E2EE) to ensure that user cats remain private.
According to data from the Iranian Minister of Communications and Information Technologies, Bale had 16.5 million monthly active users in May 2023.
Given its growing popularity, open technology fund safety researchers decided to check the statements of Bale and two other Iranian messaging applications (EITAA and Rubika) with a security audit. The tests were carried out in December 2023 and October 2024 and discovered several vulnerabilities of confidentiality and security.
Do you know?
Iranian authorities have applied heavy restrictions on the Internet against popular Western applications after massive demonstrations in 2022 of the country. This has probably led to a peak in using Bale and other applications developed by Iran.
To begin with, the listeners confirmed that the three applications used different forms of customer-server encryption, but none of the E2EE protections activated, despite government complaints.
More specifically, Bale was found using “a form of encryption which could be easily reversed in the context of the encryption of user’s credit card data” according to the audit.
All applications could also exchange messages with each other via a backend process called Exchange Bus message (MXB), which listeners have confirmed to be state -owned service.
This meant that the application server “could potentially display text messages in clear due to the absence of E2EE in one of the applications”.
The researchers also found evidence of “unexpected transmission of private data”.
Above all, when users click on shared URLs via messages, they seem to be redirected to the Backend server of the application.
“This would effectively allow servers to monitor which websites are consulted by users of the application,” said researchers, judging the tactics “a censorship and surveillance mechanism”.
The BALE application has also proven to share user location data with the application server during authentication.
What experts say
Researchers from Open Technology Fund have concluded their security audit by suggesting to opt for more secure messaging applications that really use E2EE. These include the signal (which also offers proxy anti-censorship servers), the session and the wire.
Iranian Information Security Analyst and Women’s Rights Defender Azam Jangrevi also expressed concerns following the Iranian authorities’ declaration on Friday.
The Iranian regime has reduced internet access, leaving millions disconnected from relatives abroad. Officials are pushing the “Baleh” application, lengthly signaled by activists and unsafe and a state monitoring tool. #InternetFreEdom #Iran #war #iranisraelconflict pic.twitter.com/3mbutogcdsJune 20, 2025
Jangrevi told Techradar: “The application, linked to the National Bank of Iran, raised red flags due to potential spy software integrated into its code.
“With these risks, analysts urge citizens to avoid Baleh for sensitive communication. Instead, they suggest turning to encrypted services such as signal or WhatsApp (via secure VPN), although the quality of connection varies.”
Iran’s Blackout Internet
Iran has suffered from an used breakdown on the internet almost total since June 18, 2025, which has an impact on the ability of citizens to communicate and access information.
Internet connectivity was briefly restored on Saturday June 21 “when the residents were able to exchange messages with the outside world,” Watchdog Netblocks reported, before collapsing in the evening.
The latest Sunday data (see the above image) show that the country remains largely “offline”.
“At 72 hours, decreased telecommunications continue to have an impact on public ability to remain informed and in contact with dear beings,” said Netblocks.
It is in this context that the Iranians were also invited to remove WhatsApp from their smartphones, the managers fearing that the application could be used as a source of strategic information for his opponent in the current conflict.
A series of restrictions imposed by the government also began on June 13 and sparked an increase in the demand for VPN across Iran which has reached peaks of more than 700%.
The authorities, however, seem to target the use of VPN with some of the best VPN applications that do not work at any time.
