Pierluigi Paganini
June 24, 2025
The U.S. House has banned WhatsApp on government devices due to data security concerns. Similar restrictions apply to AI tools like ChatGPT, ByteDance apps, and Microsoft Copilot.
“nuto has deemed WhatsApp a high-risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use,” reads an email sent by Chief Administrative Officer and obtained by Axios.
“If you have a WhatsApp application on your House-managed device, you will be contacted to remove it.”
“House staff are NOT allowed to download or keep the WhatsApp application on any House device, including any mobile, desktop, or web browser versions of its products.” continues the email.
House staff are strictly prohibited from using or downloading WhatsApp on any House device.
The CAO approved Microsoft Teams, Wickr, Signal, iMessage, and FaceTime as WhatsApp alternatives and warned staff to avoid phishing and unknown texts.
Meta is disappointed by the US decision.
“We disagree with the House Chief Administrative Officer’s characterization in the strongest possible terms.” said Andy Stone, a Meta spokesperson. “We know members and their staffs regularly use WhatsApp and we look forward to ensuring members of the House can join their Senate counterparts in doing so officially.”
We disagree with the House Chief Administrative Officer’s characterization in the strongest possible terms. We know members and their staffs regularly use WhatsApp and we look forward to ensuring members of the House can join their Senate counterparts in doing so officially. https://t.co/QsUPKaiAmU
— Andy Stone (@andymstone) June 23, 2025
Stone noted WhatsApp messages are end-to-end encrypted by default, providing stronger security than most apps on the CAO’s approved list, which lack this protection.
“Messages on WhatsApp are end-to-end encrypted by default, meaning only the recipients and not even WhatsApp can see them. This is a higher level of security than most of the apps on the CAO’s approved list that do not offer that protection.” the company spokesman added.
The House has banned other apps as well, including TikTok, OpenAI ChatGPT, and DeepSeek.
In March 2025, WhatsApp addressed a zero-click, zero-day vulnerability exploited to install Paragon’s Graphite spyware on the devices of targeted individuals.
The Meta-owned company blocked a spyware campaign by Paragon targeting journalists and civil society members after reports from the Citizen Lab group at the University of Toronto. The company confirmed that the issue was fixed in December 2024 without a client-side update, and no CVE-ID was assigned.
In February, Meta announced that it had discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite).
The hacking campaign targeted 90 users and was disrupted in December, WhatsApp immediately alerted targeted users of a possible compromise of their devices.
The Meta-owned company linked the hacking campaign to Paragon, an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024.
Meta experts said threat actors used a “zero-click” exploit to compromise target devices without user interaction. The company did not disclose the locations of the targeted individuals.
The instant messaging firm sent Paragon a “cease and desist” letter and announced it was exploring the possibility of starting a legal action.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, mobile)
