Investigations

The Role of Domestic Messaging Apps in Iran’s Information Controls 

Iran's domestic messaging apps continue to be a major privacy and security concern as further evidence of them forcing users onto these platforms emerge.

Just under three years have passed since Filterwatch wrote about the significance and dangers of Iran’s domestic messaging apps. We are seeing increasing instances of major privacy violations by these apps, as they seek to expand their user base. Although some might argue that these apps still fail to mount a serious challenge to international messaging platforms, their threat profile has only continued to grow over time.

In this investigation, we look at further evidence that has emerged around the measures taken by these domestic platforms to force users to sign up, oftentimes without their consent or knowledge. We will also explore how these apps, despite their slow growth, constitute a major component of internet policy planning in Iran, and will play a significant role in the future of Iran’s internet, and discuss how – given the extent of government involvement in their development and creation – they look set to continue playing a major role in Iran’s ever-developing system of information controls. 

Human Rights and Messaging Apps 

Messaging apps are among the most widely used forms of digital technology today, with popular messaging apps such as WhatsApp and Facebook Messenger (among some others) being accessed by billions of people globally. These apps’ reach extends across a vast range of geographies and demographic groups, and they offer a cheap, fast, and (generally) reliable way to communicate. Over time, these apps have also evolved to take on different functions in addition to being a personal messaging service; such as being able to create large groups or ‘channels’, as well as adding business and e-payment functionalities. 

These features have given messaging apps an even more important role in politically closed countries. The fact that a number of international apps offer encrypted services offer users with more secure options for  communication compared to many alternatives.  At the same time, the ability to reach larger audiences has made them a powerful tool for amplifying the voices of activists, human rights defenders, and journalists, as well as marginalised and minority groups, allowing them to share information, and to organise protests and demonstrations. As a result, issues around the availability of these platforms in closed societies are heavily intertwined with the question of human rights online. 

Authoritarian states around the world have already responded to this perceived threat, with many of them filtering (whether permanently or only during politically sensitive periods) messaging apps such as Telegram, WhatsApp, and Signal.

Messaging Apps in Iran 

Iran has been at the forefront of censorship of communication apps and social media platforms, with a long history of blocking these platforms, especially during politically sensitive times. Telegram – which remains one of the most popular messaging apps in Iran – was filtered in 2018 through a judicial order, and in January 2021 the messaging app Signal was blocked for a second time. 

At the same time, Iran has been working on extensive plans for rolling out and popularising domestic equivalents to messaging apps and social media platforms. These efforts can be traced back to the Supreme Council for Cyberspace’s 2017 resolution titled “Policies and Actions Regarding the Organisation of Social Media Messaging Applications”. The document outlines a series of requirements and commitments for investing in, promoting, and facilitating the use of domestic messaging apps, including government-backed financial support and loans for domestic app developers, as well as data tariff discounts for users. The resolution was hugely influential in laying the foundations for the “Managing Social Messaging Apps” bill, which effectively served as the first draft of the highly dangerous and much-discussed “User Protection and Core Online Services” bill (hereafter the “Online Services Bill”) 

Filterwatch has already written about the policies and actions underpinning the development of domestic messaging apps in the past few years. More recently, in September 2020, the SCC published the ‘National Information Network Macro[-Level] Plan and Architecture’ resolution, which emphasised the role of messaging and social media platforms as part of the ‘content’ of Iran’s localised internet project, the National Information Network (NIN). It also established the objective of “expanding the capacity of domestic messaging apps to 50 million users”, a responsibility which has been assigned to the ICT Ministry. 

The State of Iran’s Domestic Messaging Apps  

Iran’s leading domestic messenger apps, such as Rubika, Soroush, Bale and iGap, all have close ties with government entities: 

    • Rubika is a product of one of Iran’s major mobile telecommunication service providers Hamrah-e-Aval (MCI), which is majority owned by the state’s Telecommunication Company of Iran (TCI). 
    • iGap was taken over by the Iranian company, Kian Iranian in 2018. The company’s shareholders include MCI and Parsian Ban. 
    • Soroush, according to the latest available information, is under the ownership of the Islamic Republic of Iran Broadcasting (IRIB). Although it was advertised for auction in 2019, it is unclear if its sale has taken place. It should also be noted that, the messaging app, Soroush Plus, which previously denied being part of Soroush, has been confirmed as belonging to Soroush by the Chair of Soroush’s Board of Directors. 
    • Bale is said to have been created by Sadad Informatics Corporation, which receives  investment from the state-owned National Bank of Iran (Melli Bank). It’s affiliation with the bank is clear as the app also offers payments services and bank transfers. 

While there are a number of apps which are majority owned by private entities, a large number still have government support, either through loans and financial support, or through their dependence upon state-managed ICT infrastructure.

Given Iran’s history of surveillance of online behaviour especially through messaging apps (such as via state-linked Telegram clients which appeared after the filtering of the official Telegram app), close government links, in addition to non-existant or dubious security measures offered by these apps, coupled with technical difficulties,  have naturally deterred Iranian users from using these apps despite various incentives. 

Just under four years since the SCC resolution on messaging apps,the same narrative persists around domestic apps’ failure to make headway against their international competitors – even in the words of Iranian officials and app creators themselves. According to a 2021 poll by the Iranian Students Polling Agency (ISPA), 48.4% of the 1,570 respondents declared that they only use international social media and messaging platforms such as Telegram and Instagram, 22.8% of respondents stated they used both domestic and international platforms, and only 1.8% stated that they solely use domestic platforms such as Soroush, Rubika, and Gap.

The low uptake figures and slow growth of domestic messaging apps are clearly at the forefront of government officials’ minds. In one of the latest sessions of the Joint Special Parliamentary Committee (the committee in charge of reviewing the “Online Services Bill”), Amir Khorakian, Deputy for Legal and Parliamentary Affairs at the National Centre for Cyberspace, offered a report on the performance of domestic messaging platforms. 

According to Khorakian’s report to the Committee there are around “20 million unique users” across domestic applications such as Eita, Soroush Plus, Baleh, and Gap.

Incentives or Enforcement? 

The accuracy of figures offered by Khorakian during the Committee session are difficult to verify, and therefore should be viewed with some caution, especially given the lack of transparency around their sourcing. Even some of Khorakian’s parliamentary colleagues cast doubt on the veracity of the figures: during the same session,Afshin Kolahi, a member of the Commission for Innovative Businesses at Iran’s Chamber of Commerce, Industries, Mines, and Agriculture (ICCIMA) called for the Majles to check the correct figures to base their decisions on, as he said some users were not on the named apps “voluntarily”. The same issue was raised by Jalal Rashidi Kouchi MP during the session, who said that despite never signing up for the messaging app “Bale”, he was informed of an account on the app in his name. Khorakian denied these issues, calling them “rare” or due to “technical issues”. 

Unfortunately for Iran’s internet users, there is much evidence on domestic messaging apps violating individuals rights to privacy and their online freedoms to both boost their user numbers in lieu of organic growth, and forcing users onto their platforms by offering access to other essential services. 

When we wrote about the dangers of domestic messaging apps two years ago, we argued that additional incentives such as offering banking services through these apps would form a major tactic for encouraging users onto these apps. Since then, multiple financial incentives have also been introduced to give preferential treatment to domestic messaging apps, such as 66% discounts in data tariffs for domestic app usage, as well as ISPs offering free data for certain messaging apps. 

More recently, officials from the state-owned enterprise the “Execution of Imam Khomeini’s Order” (EIKO) announced that registration for phase III trials of the Iranian COVID-19 vaccine “COVIran Barakat” had opened via the Iranian messaging app iGap, and a dedicated phone line. The COVIran Barakat vaccine is produced by EIKO, which is under the control of Iran’s Supreme Leader. iGap has also been involved in other concerning developments, such as forcing Islamic Azad University students to download the app in order to obtain a verification code to log onto the institution’s system. 

Additionally, domestic messaging apps – being part of the NIN and hosted on domestic infrastructure – are sometimes (though not consistently) able to stay online via the NIN during internet shutdowns, when access to the global internet is cut off. As Iranian authorities continue to rely on internet shutdowns during sensitive times, some users, both inside and outside Iran may turn to these apps in order to be able to maintain contact with people inside Iran, despite their inherent security risks.  

Over time, these incentives have further expanded, to the point that there is a clear two-tiered ecosystem of online apps and services in Iran: one set of low-cost, higher-speed, but fundamentally insecure domestic services, pitted against higher-cost, lower-speed, and (comparably) secure international services. However, these incentives have still not been enough to radically alter the balance of user behaviours, meaning that more brute force tactics have been deployed to try and drive up domestic apps’ usage figures. One such example, which caused major outrage among Iranian users, was undertaken by the “super application” Rubikas. 

In August 2021, a large number of Iranian social media users including celebrities, sports personalities, and public figures reported seeing accounts and profiles which they had not created on the Iranian Instagram analogue Rubino, which is a core component of the Iranian state backed social media “super app” Rubika. The accounts appeared to have made use of information from Instagram profiles to create mirror profiles on Rubino. Some of these unauthorised accounts were even described to be showing a verified icon on the platform. 

In a statement Rubika claimed that these accounts were likely created by other users, though the app requires a phone number for account creation. Initially, users were able to check if an account had been created in their name via a weblink, however the feature was eventually disabled, forcing users to download the app in order to check for the copied accounts. Meanwhile, Iran’s Cyber Police (FATA), announced that they would investigate the “unauthorised use of personal user data and creation of accounts without [users’] consent.” However, at the time of writing, there was no information on FATA taking any action on Rubika’s behaviour. 

This practice is not unprecedented. In 2018, the messaging app Soroush appeared to create accounts for users without their consent in a similar way, although Soroush denied any involvement. There have been similar incidents with other apps such as Bale, which have received less attention. Despite the outrage and concern from Iranian users, claims of investigations by authorities such as FATA Police often always do not amount to any action. 

The Long Term View 

Undeniably, Iran’s domestic messaging apps have struggled to compete with their international counterparts. While this has been flagged as an issue of concern by authorities, and at times celebrated as a ‘win’ for digital rights in Iran, user numbers and organic growth may nor be the most appropriate metric to judge the success of Iran’s domestic messaging apps. 

As we saw in the policy planning from the SCC, and the work around the “Online Services Bill”, domestic apps are an integral part of the NIN, and are therefore here to stay for the long term, despite the initial setbacks they faced. They play a significant role in the state’s surveillance structure by allowing easier access to information shared via these apps, which have significantly weaker security and privacy standards compared to international apps. Intensive government investment, as well as state involvement and ownership of a number of these apps also means that there will continue to be more incentives to push these apps on users in order to create successful revenue streams. They are also an essential component in the implementation of the authorities vision for ‘layered filtering,’ which will grant different levels of access to the international internet from inside Iran, as approved by the government. 

So while we may not see these apps replacing international apps in the near future, domestic messaging apps will continue to exist alongside them, and will continue to find more dangerous and insidious ways to force users onto their platforms, which can go unreported or unnoticed, and more concerningly, ignored by Iranian authorities. While it is welcome news that Iranians are more aware and concerned about these violations than ever before, more focus should be given to the patterns of privacy violations by Iranian messaging apps and measures taken to force Iranians onto these platforms in order to highlight the significance of their threats to users, and their wider importance in the evolution of Iran’s online surveillance and Internet control systems.