New Report Reveals Widespread Misunderstanding of Consumer Messaging App Security Across Government and Critical Infrastructure

• 83% report WhatsApp is used for sensitive discussions, despite widespread misunderstanding of what encryption protects

• 98% rely on platforms unable to deliver the sovereign control they say they want
• 90% of organizations say they are crisis-ready, yet only 49% have unified crisis communications platforms

WATERLOO, ON / ACCESS Newswire / April 21, 2026 / BlackBerry Secure Communications, a division of BlackBerry Limited (NYSE:BB)(TSX:BB), today released The State of Secure Communications 2026, a survey of 700 security decision-makers across government and critical infrastructure in the United States, the United Kingdom, Canada, and Singapore. The findings reveal a widening gap between confidence in communications security and the reality of risk exposure – with significant national security implications. Among the most striking findings: 83% of security leaders report that WhatsApp is being used for sensitive discussions inside their organizations.

The Sovereignty Paradox

Ownership and control of the infrastructure behind sensitive communications is emerging as a critical blind spot, exposing gaps in data sovereignty. While 55% prioritize sovereign control, virtually all (98%) rely on foreign-hosted platforms not built for confidential communications or high-security environments. Meanwhile, 52% are concerned telecom networks could be monitored or disrupted – a tangible risk already demonstrated by espionage campaigns targeting network operators, such as Salt Typhoon and more recently, UNC3886 in Singapore.

“Consumer messaging apps were never designed to handle sensitive communications, protect confidentiality, or meet the demands of high-security environments,” said Christine Gadsby, Chief Security Advisor, BlackBerry Secure Communications. “They rely on phone numbers, not verified identities – and encryption protects the channel, not who is on it. That gap is already being exploited, as recent intelligence warnings show, and governments and critical infrastructure organizations are responding by moving toward communications infrastructure they own and trust.”

Confidence Built on Misunderstanding

These findings come as intelligence agencies in the United States, the United Kingdom and Europe issue fresh advisories about state-backed espionage attacks targeting Signal and WhatsApp accounts of public officials and journalists. This highlights how the threat surface is shifting from networks to consumer messaging platforms now embedded in daily critical operations.

Yet 88% of security leaders surveyed expressed confidence in their current messaging app security. That confidence is built on a fundamental misread of what these platforms actually protect, significantly increasing risk exposure. The report reveals critical gaps in encryption literacy among the very leaders responsible for safeguarding communications:

• 52% mistakenly believe encryption protects metadata – including location data, IP addresses, and communication patterns
• 47% believe it prevents impersonation, deepfake, or spoofing attacks
• 41% assume communications remain secure, even after a device has been compromised

This gap between perception and reality is now playing out in real-world incidents, with governments increasing restrictions and warnings about the use of consumer apps for sensitive communications, recognizing that encryption alone does not address the full risk.

The Risks of Improvised Crisis Response

These gaps become most visible when organizations are under pressure. While 90% say they are confident in managing major incidents, fewer than half (49%) have a unified platform to coordinate response.

In practice, the survey shows many rely on a patchwork of everyday tools – from group chats (54%) and email threads (51%) to shared spreadsheets (29%) and phone trees (19%). Familiar as they are, these tools were never designed for crisis coordination, and cannot deliver the real-time visibility, command and control or secure cross-agency communication that major incidents demand.

Limits of “Good Enough” Security

Overall, the findings point to a consistent pattern: security leaders across government and critical infrastructure are relying on communications platforms not designed for the security, sovereignty or crisis demands they now face. The issue is not encryption alone, but architecture. Many consumer platforms generate and retain metadata, operate under foreign data-access laws, and lack the controls required for high-value or classified communications.

As threats evolve, from account compromise to large-scale surveillance, what may appear “secure enough” can quickly become a costly attack surface. The question is no longer whether these platforms are being exploited. It is whether the organizations relying on them recognize the risk.

To learn how BlackBerry Secure Communications is protecting governments and critical infrastructure worldwide with interception-resistant, government-grade secure voice and messaging, visit BlackBerry.com/SecureCommunications.

Survey Methodology

The State of Secure Communications 2026 was conducted by OnePoll on behalf of BlackBerry. The survey included 700 security decision-makers across government and critical infrastructure organizations in the United States, the United Kingdom, Canada, and Singapore.

View the original press release on ACCESS Newswire