U.S. House Bans WhatsApp Over Data Security Concerns

The U.S. House’s Chief Administrative Office has implemented a ban on the WhatsApp messaging app for use on government devices by congressional staffers. This decision was made due to concerns over the app's lack of transparency in protecting user data, which the Office of Cybersecurity deemed high-risk. The ban comes as part of a broader effort by Congress to limit the use of applications and AI programs that pose similar risks.

The Chief Administrative Office has recommended several alternative messaging apps for staffers to use, including Microsoft Corp’s Teams platform, Amazon’s Wickr, Apple’s iMessage, and FaceTime. The directive to staffers is clear: they are not to download or keep the WhatsApp application on any House-managed device, including mobile, desktop, or web browser versions. Staffers who currently have WhatsApp on their devices will be contacted to remove it.

In response to the ban, a spokesperson for WhatsApp's parent company, META, expressed disagreement with the characterization of the app. Andy Stone acknowledged that members of Congress and their staff regularly use WhatsApp and expressed a desire for House members to join their Senate counterparts in using the app. Stone highlighted that messages on WhatsApp are end-to-end encrypted by default, meaning only the recipients can see them, and not even WhatsApp itself. This level of security, Stone argued, is higher than that offered by many of the apps on the CAO’s approved list.

The CAO, however, maintains that alternatives such as Microsoft Teams, Wickr, Signal, iMessage, and FaceTime are acceptable and secure options. The office also warned staffers about potential phishing scams and texts from unknown numbers, emphasizing the importance of vigilance in protecting sensitive information.

This ban on WhatsApp is not an isolated incident. In January 2025, approximately 100 journalists and members of civil society using WhatsApp were targeted by spyware owned by Paragon Solutions, an Israeli maker of hacking software. The victims were alerted to a possible breach of their devices, and WhatsApp confirmed that around 90 users had been targeted and compromised. The company could not identify the clients who ordered the alleged attacks, and it did not disclose the locations of the victims.

Paragon’s software, known as Graphite, has features similar to NSO Group’s Pegasus spyware. Once a phone is infected with Graphite, the spyware operator gains total access to the device, including the ability to read messages sent via encrypted applications like WhatsApp. This incident underscores the security risks associated with using apps that lack transparency in data protection.

The U.S. House has previously banned other tech companies and applications due to security concerns. In July 2024, the CAO banned staffers from using ByteDance, the parent company of TikTok, on official congressional devices. The division’s cybersecurity team cited TikTok’s ties to China as a national security threat, leading to the blocking and removal of all ByteDance products from House-managed devices and app stores. This ban included Capcut, Hypic, Lark, and Lemon8.

In March 2024, the House also banned the use of Microsoft Copilot, an AI-based chatbot, due to concerns over the potential leakage of House data to non-House-approved cloud services. The ban on AI tools followed similar actions by other tech companies, such as Samsung, which restricted the use of generative AI through its personal computers in May 2023. The White House also released new policies on AI use in Federal agencies in April 2025, aiming to maintain U.S. leadership in AI by championing the development of unbiased AI systems.