Fears over citizens' privacy as Iran reveals new mandatory antivirus mobile app

Flag of Iran on a computer binary codes falling from the top and fading away
(Image credit: Getty Images)

Iranian authorities revealed a new mobile antivirus software which they plan to make mandatory on all phones, for all citizens.

Named Farez, it's a security scanner system that promises to check all the apps on a device for any sign of malware to block those categorized as malicious.

The Iranian Cyber Police, also known as FATA, hasn't disclosed any details on how the system will work in practice. Both citizens and experts now worry that Farez might be another tool for censorship and surveillance.

A state-developed antivirus system

"The Iranian government’s announcement of the Farez antivirus mobile app raises concerns about the privacy and security of its citizens," Azam Jangravi, Information Security Analyst at Citizen Lab, told me.

Jangravi, a women's rights activist, experienced the lengths Iranian authorities will go to when it comes to spying on and silencing activists or any other person standing up against the regime. After being arrested for joining the Girls of Revolution Street movement in 2018, she managed to flee Iran for Canada during her temporary release and escaped a three-year sentence.

She explained that one of the risks of having such a government app installed on phones is that authorities may use the software to "filter the content that the government deems inappropriate."

Looking at Iran's track record, this hardly takes a stretch of the imagination. The government proposed a similar mandatory software in 2011, in fact. So-called SmartFilter, the system was designed to block access to websites the government regarded as unlawful or inappropriate.

Now, one year after the protests erupted in September 2022 fueled by
the death of Mahsa Jhina Amini, Iran has increasingly been using technology as a tool of control. 

VPN service provider Surfshark counted a total of 46 internet disruptions since 2015. Among these, 35 were related to protests, and many of them were enforced following last year's unrest. From internet throttling, blackouts of mobile data, and restrictions of all the major social media platforms, Iranians living in the Zahedan region have regularly been kept in the dark every Friday during prayers ever since. 

See more

If that wasn't enough, "given the history of mobile spyware attributed to Iranian government law enforcement agencies, there are fears that it could be used for surveillance," said Jangravi. This means that FATA's officers might also use Farez to monitor all citizens' online activities.

In February, for example, Citizen Lab researchers discovered evidence that Iranian authorities were working on an "unprecedented" mobile spying system. In some instances, state-backed Iranian hackers have been even using fake VPN apps to spread malware to harvest sensitive data and spy on victims.  

Considering the emphasis of Iran's police deputy chief Qasem Rezaei on officers' roles in "protecting the high values and achievements of the Islamic Revolution," Farez could be easily seen as the missing tile of the country's digital surveillance mosaic. 

So far, explained Jangravi, people's reactions have been divided between those welcoming the security measure and those worrying about software misuse. 

The government hasn't shared what Farez considers when determining if a certain application is dangerous, only stating that it can detect around 60% of known malware. This lack of clarity on how the new mandatory state-developed antivirus app operates is exactly what raised the alarm the most among citizens and human rights groups.    

See more

Another point of contention is how authorities are going to logistically mandate all of Iran’s phone sellers to pre-install the Farez system. That's something that Jangravi expects nonetheless, considering the Iranian government's history.

Some commentators are also speculating that authorities might take advantage to stop and search citizens in public to plant the software on target devices. 

How to stay private in Iran

What's certain at this point is that anyone living or traveling in Iran must be extra careful when using digital devices.

First and foremost, "to stay private on mobile, users should not install apps like this on their devices," said Jangravi. "It is also important to be cautious about what information is shared online and to avoid giving access to government websites."

She also recommends using a reliable Iran VPN every time browsing the web. Short for virtual private network, it's security software that both encrypts internet traffic and spoofs your IP address. This means citizens can better hide their online activities from the government, while granting access to social platforms and websites censored within the country's border.

It's worth mentioning that Iran placed a dubious second as one of the countries enforcing the most VPN censorship this year. As some services might be blocked at times, we suggest downloading different apps to be able to hop from one to another in case of blocks. Our free VPNs guide is handy to discover the most secure freebies out there.

All in all, Jangravi told me: "Please note that this is a complex issue and the situation may change over time. It is important for users to stay informed and to take steps to protect your privacy and security online."

Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com