BlackBerry Report: Governments Rely on WhatsApp Despite Widespread Misunderstanding of Messaging Security
scsecApril 26, 20261 Mins read 
A new report from BlackBerry Secure Communications highlights widespread confusion among government and critical infrastructure decision-makers about the security of consumer messaging apps, with many still relying on platforms like WhatsApp for sensitive communications.
The research, based on a survey of 700 security decision-makers across the US, UK, Canada, and Singapore, found that 83% of respondents use WhatsApp for sensitive communications. This makes it the most commonly used tool, ahead of personal email at 54% and Microsoft Teams at 50%.
Despite official guidance and repeated security warnings, many organizations appear to misunderstand what encryption actually protects. The report found that 52% of respondents incorrectly believe encryption also secures metadata such as location data, IP addresses, and communication patterns. Additionally, 47% believe encryption can prevent impersonation, spoofing, or deepfake-based attacks. More than 40% also assume communications remain secure even if a device has already been compromised.
BlackBerry Secure Communications chief security advisor Christine Gadsby emphasized that consumer messaging apps were not built for high-security environments. She explained that these platforms rely on phone numbers rather than verified identities, and while encryption protects the communication channel, it does not guarantee who is on the other end.
According to the study, only 10% of respondents fully understand what encryption actually protects, while more than 70% view end-to-end encryption as a complete security solution. Misunderstandings about encryption were consistent across all surveyed countries, ranging from 89% to 91% agreement on incorrect assumptions.
Researchers concluded that there is a clear mismatch between organizational expectations and the actual capabilities of messaging platforms. Many organizations believe they are protected, while still using tools that do not meet their security needs.
The report also pointed to broader systemic issues, including vendor marketing that overstates security capabilities, procurement processes that fail to independently verify claims, and a general tendency to assume that visible security features equate to complete protection.
Meanwhile, intelligence agencies in the US, UK, and Europe have repeatedly warned about the risks associated with messaging apps. Recent alerts from the FBI, CISA, and the UK’s National Cyber Security Centre highlighted that Russian-linked actors have been bypassing encryption protections in commercial messaging platforms to compromise accounts belonging to government officials, military personnel, political figures, and journalists. Similar activity has also been attributed to threat groups linked to China and Iran.
1 Comment
Leave a Reply
Related Articles
UK Opens Formal Investigation Into Telegram Over CSAM and Child Safety Compliance Concerns
The United Kingdom’s communications regulator, Ofcom, has launched a formal investigation into...
Over 1,500 Perforce Servers Still Expose Sensitive Source Code and Critical Data to Attackers
Thousands of internet-facing Perforce P4 servers are still exposing sensitive data due...
NGate Malware Hijacks NFC Payments on Android to Steal Card Data
A newly discovered variant of the NGate Android malware is targeting users...
Global Crackdown Shuts Down DDoS-for-Hire Empire, Exposing Millions of Cybercriminals
Operation PowerOFF Dismantles Major DDoS-for-Hire Network An international law enforcement operation, known...
This report highlights a serious gap between perceived and actual security in government communications. The heavy reliance on consumer apps like WhatsApp for sensitive discussions shows a lack of awareness about what encryption does and does not protect. Clearer training and stricter communication policies are needed, especially for critical infrastructure and government sectors, to reduce exposure to metadata leaks and impersonation risks.