{"id":1364,"date":"2018-12-17T17:20:48","date_gmt":"2018-12-17T17:20:48","guid":{"rendered":"http:\/\/www.iransos.com\/en\/?p=1364"},"modified":"2018-12-24T17:33:51","modified_gmt":"2018-12-24T17:33:51","slug":"why-did-telegram-warn-users-that-iranian-versions-of-the-telegram-app-talaeii-and-hotgram-are-unsafe","status":"publish","type":"post","link":"https:\/\/www.iransos.com\/en\/?p=1364","title":{"rendered":"Why Did Telegram Warn Users That Iranian Versions of the Telegram App\u2014Talaeii and Hotgram\u2014Are \u201cUnsafe\u201d?"},"content":{"rendered":"

Iranian Client Apps Are Violating Telegram\u2019s Terms of Service by Failing to Protect User Data<\/p><\/div>\n

December 17, 2018 \u2013 In response to a rising chorus of concerns by internet security experts, Telegram, the widely used instant messaging app, has issued a\u00a0warning\u00a0to users of the Iranian-made versions of Telegram (known as \u201cclient apps\u201d), Telegram Talaeii and Hotgram, which reportedly have 30 million users between them, that the apps are \u201cunsafe.\u201d<\/p>\n

\u201cWarning! The app you are using was not made by Telegram and is unsafe. We can only guarantee your safety if you use official Telegram apps,\u201d said a\u00a0message\u00a0that appeared when users first logged on to the apps on December 15, 2018.<\/p>\n

The Center for Human Rights in Iran (CHRI) welcomes this move by Telegram. Five months before the company issued the warning, and again a week before the advisory was issued, CHRI had reached out to Telegram urging it to inform users that the Iranian government can access and monitor private user activities on the modified Telegram Talaeii and Hotgram apps.<\/p>\n

\u201cNow that Telegram has deemed these apps \u2018unsafe,\u2019 the natural next step would be discontinuing their access to Telegram\u2019s servers since they violate Telegram\u2019s own Terms of Service,\u201d said Amir Rashidi, an internet security researcher at CHRI.<\/p>\n

According to the \u201cPrivacy and Security\u201d section of Telegram\u2019s Terms of Service, all client apps must \u201cguard their users\u2019 privacy with utmost care\u201d and comply with its security guidelines. Telegram also reserves its right to \u201cdiscontinue\u201d the apps\u2019 access to Telegram\u2019s\u00a0Application Programming Interface\u00a0(API) if those terms are violated.<\/p>\n

Other big social media companies including Facebook have\u00a0blocked\u00a0client apps in the past for violating their terms of service, including in 2018 when Facebook suspended Cambridge Analytica\u2019s access to its API following revelations that it was harvesting private user data.<\/p>\n

Not only can the Iranian government access private user data on the two client apps according to research by\u00a0CHRI\u00a0and the internet freedom organization\u00a0Article19, the apps also censor content that the Iranian government has deemed inappropriate.<\/p>\n

In the following paragraphs, CHRI outlines what these apps are, why they\u2019re unsafe and why Telegram\u2019s important warning merits follow-up action.<\/p>\n

What Are Telegram Talaeii and Hotgram?<\/strong><\/p>\n

The\u00a0Telegram app\u00a0is a cloud-based, mobile and desktop messaging app with a free and open API that enables developers to legally build clone or \u201cclient\u201d versions of the app. In technical terms, the app operates on \u201copen source\u201d code.<\/p>\n

There are currently only two Iranian-developed versions of the Telegram app\u2014\u00a0Telegram Talaeii\u00a0(\u201cTelegram Gold\u201d)\u00a0and\u00a0Hotgram\u2014available on the Iranian app store,\u00a0Cafe Bazaar. The\u00a0original Telegram app\u00a0had a reported 40 million monthly users in Iran before the Iranian government\u00a0banned\u00a0it in April 2018.<\/p>\n

Iran\u2019s order to block Telegram came after months of\u00a0unsuccessful pressure\u00a0on the company by the Iranian Judiciary and state officials to move its servers to Iran and comply with Iranian censorship policies. Hostility to Telegram also increased after protestors used the messaging app during the unrest that broke out across Iran\u00a0in December 2017\/January 2018\u00a0to spread word of the street gatherings.<\/p>\n

After the original Telegram was banned, many people in Iran began using the two Iranian-made client apps, Telegram Talaeii and Hotgram. As of July 2018, they had a combined 30 million users in Iran,\u00a0according to\u00a0Assistant Prosecutor General Abdolsamad Khorramabadi.<\/p>\n

Telegram Talaeii and Hotgram pull data and communicate with the original Telegram\u2019s servers based outside the country. However, because the two apps\u2019 servers are based in Iran, their data and traffic are open to monitoring and hacking by state actors and agencies that can access the apps\u2019 servers at any time.<\/p>\n

Due to the fact that citizens in Iran can be arbitrarily\u00a0arrested and imprisoned\u00a0for their peaceful online activities, CHRI had called on Telegram to clarify that the client apps\u2014Telegram Talaeii and Hotgram\u2014are not owned, operated or regulated by the Telegram company, and to warn users about the apps\u2019 potential security risks.<\/p>\n

This warning became all the more necessary after some Iranian officials stated on the record that the client apps were developed by an Iranian security agency.<\/p>\n

On November 25, 2018, ultra-conservative Member of Parliament Mojtaba Zolnour\u00a0told\u00a0Iran\u2019s parliamentary news agency that \u201cHotgram and Telegram Talaeii have been developed by a domestic security agency and naturally a copy of their information is stored inside the country.\u201d<\/p>\n

\"\"

Screenshot of the code on Telegram Talaeii and Hotgram that informs users a channel has been blocked.<\/p><\/div>\n

In August 2018, CHRI had\u00a0reported\u00a0that the two apps also block content on the original Telegram\u2019s servers deemed inappropriate by the Iranian government, including channels belonging to CHRI, the BBC Persian Service, Paskoocheh (which offers virtual private networks) and dozens of other channels banned by Iran for their political and independent news content or for offering information and tools that can be used to circumvent online censorship.<\/p>\n

Iran has a long history, documented by the UN and international rights organizations, of accessing messaging app data to conduct online surveillance, unlawfully enter accounts, and retrieve private user information despite the fact that such privacy is ostensibly protected in Iran\u2019s\u00a0Constitution. This content is then used to prosecute critics of the state on various national security-related charges in judicial proceedings lacking any semblance of due process.<\/p>\n

Intelligence and security agencies work hand-in-hand with Iran\u2019s judiciary to conduct such operations, and individuals have been imprisoned in Iran on the basis of such unlawfully obtained online content.<\/p>\n

Telegram Talaeii and Hotgram\u2019s Ties to Security Agencies?<\/strong><\/p>\n

Little verifiable information is available about the Iranian company that claims to have developed the two client apps,\u00a0Rahkar Sarzamin Houshmand\u00a0(\u201cSmart Land Solutions,\u201d or SLS). But recent statements by Iranian officials indicate they were developed by or with the support of Iranian security agencies.<\/p>\n

In November 2018, the secretary of Iran\u2019s\u00a0Supreme Cyberspace Council\u00a0(SCC) stated that the Ministry of Information and Communications Technology (Telecommunications Ministry) was planning on buying hardware to enable the apps to function in Iran without communicating with Telegram\u2019s servers based outside the country.<\/p>\n

\u201cThe report we have received is that they claim they can operate independently in a testing environment but of course in order to implement them it requires certain data centers and for that, the Telecommunications Ministry has issued a tender to buy the necessary hardware,\u201d Firouzabadi\u00a0told\u00a0the Fars News Agency, which is affiliated with the Islamic Revolutionary Guard Corps (IRGC), on November 19.<\/p>\n

Firouzabadi also told Fars that the apps had received support from the government of President Hassan Rouhani, who has publicly suggested that he is opposed to the ban on the original Telegram app and who had made\u00a0statements\u00a0in support of\u00a0limited internet freedom\u00a0during both his election campaigns.<\/p>\n

But according to Firouzabadi, the Telecommunications Ministry, which operates under Rouhani, has provided operational assistance to both the apps and offered tenders to create a data center for them.<\/p>\n

The SCC secretary\u2019s statement contradicts an earlier statement by\u00a0Telecommunications Minister Mohammad Javad Azari Jahromi\u00a0who\u00a0stated\u00a0on the record in August 2018, \u201cWe have not supported or helped Hotgram and Telegram Talaeii.\u201d<\/p>\n

The highest level of the Iranian government has also approved Telegram Talaeii and Hotgram. SLS has an operational license from the\u00a0National Cyberspace Center, a branch of the SCC, the top internet decision-making body in Iran which is controlled by Supreme Leader Ali Khamenei.<\/p>\n

Documented Security Flaws<\/strong><\/p>\n

Researchers inside and outside Iran have written about the client apps\u2019 inherent security flaws.<\/p>\n

\"\"

On December 15, all users who logged on to Telegram client apps Telegam Talaeii and Hotgram were told the apps were \u201cunsafe\u201d in both Farsi and English.<\/p><\/div>\n

In 2018, three Iranian internet security researchers reported in statements that were cited by Iranian media\u2014including by the mainstream newspaper\u00a0Hamshahri\u00a0and tech site\u00a0Digiato\u2014that Telegram Talaeii is capable of various security violations.<\/p>\n

These include: stealing Telegram identity verification codes that could be used to access users\u2019 Telegram accounts, expelling admins and deleting their channels without the user\u2019s knowledge and sending and receiving lists of all the people users communicate with along with their usernames.<\/p>\n

Digital security experts at the Talos Security Intelligence and Research Group, which is owned by US tech giant Cisco, have also pointed out security flaws in both the apps.<\/p>\n

\u201cOnce installed, some of these\u00a0Telegram\u00a0\u2018clones\u2019 have access to mobile devices\u2019 full contact lists and messages, even if the users are also using the legitimate Telegram\u00a0app,\u201d said five Cisco Talos experts in a jointly-authored\u00a0blog post\u00a0published November 5, 2018.<\/p>\n

\u201cWe declare with high confidence that these apps should be classified as \u2018greyware.\u2019 It is not malicious enough to be classified as malware, but is suspicious enough to be considered a potentially unwanted program (PUP),\u201d they added.<\/p>\n

Now that Telegram has publicly acknowledged that the Iranian-made client apps are \u201cunsafe,\u201d discontinuing their access to Telegram\u2019s servers would help ensure that the Iranian government does not use Telegram to spy on Iranian citizens.<\/p>\n

\u201cThe onus remains on the Iranian government to lift its ban on the original Telegram app, a ban that was imposed because the company refused to allow Iranian state agencies to access Telegram\u2019s data as well as refused to bow to Iranian censorship policies,\u201d said Rashidi.<\/p>\n

\u201cTelegram should follow through on its warning message by discontinuing these apps\u2019 access to Telegram servers,\u201d he added. \u201cDoing so will send a message to the Iranian government that even big tech companies will not engage in business as usual while the state violates the rights of its citizens,\u201d he added.<\/p>\n

For interviews, contact:
\nHadi Ghaemi
\n+1-917-669-5996
\nhadighaemi@iranhumanrights.org<\/p>\n

Visit our website:\u00a0www.iranhumanrights.org<\/p>\n","protected":false},"excerpt":{"rendered":"

December 17, 2018 \u2013 In response to a rising chorus of concerns by internet security experts, Telegram, the widely used instant messaging app, has issued a\u00a0warning\u00a0to users of the Iranian-made<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[446,377,445],"class_list":["post-1364","post","type-post","status-publish","format-standard","hentry","category-human-rights","tag-hotgram","tag-telegram","tag-telegram-talaeii"],"_links":{"self":[{"href":"https:\/\/www.iransos.com\/en\/index.php?rest_route=\/wp\/v2\/posts\/1364","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.iransos.com\/en\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.iransos.com\/en\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.iransos.com\/en\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.iransos.com\/en\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1364"}],"version-history":[{"count":1,"href":"https:\/\/www.iransos.com\/en\/index.php?rest_route=\/wp\/v2\/posts\/1364\/revisions"}],"predecessor-version":[{"id":1365,"href":"https:\/\/www.iransos.com\/en\/index.php?rest_route=\/wp\/v2\/posts\/1364\/revisions\/1365"}],"wp:attachment":[{"href":"https:\/\/www.iransos.com\/en\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1364"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.iransos.com\/en\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1364"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.iransos.com\/en\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1364"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}