A magazine produced by the prominent al-Azaim media group, which supports Islamic State’s Khorasan Province (ISKP) branch, has advised IS supporters against using the social media platform, ‘Gem Space’. The warning contradicts the move by IS’s online media disseminator, Naashir, to use Gem Space in December. In its 45th edition published on 28 March, the English-language Voice of Khorasan magazine raised “transparency and data security” concerns about the little-known app.
The publication refuted claims that IS’s central media authority had set up accounts on Gem Space. It reprimanded IS supporters for failing to check the app before reportedly migrating to the platform after Telegram announced in September its willingness to share user data with the authorities.
This statement and warning are interesting given that multiple accounts bearing the name of Nashir News Agency – IS’s official online media disseminator – had in December actively promoted their presence on Gem Space, following disruptions on Telegram, and urged followers to subscribe. From December through early February Gem Space appeared to serve as the main platform for Nashir, until the accounts were eventually taken down by the app. During that period, prominent IS supporters frequently referenced Nashir’s Gem Space presence, with little to no public doubt surrounding the authenticity of the accounts. The latest advice against using Gem Space was offered by VoK as part of a regular column called Light from Darkness, which provides Internet security instructions and tips.
Security concerns
The VoK column raised a number of security concerns about the Gem Space app, mainly because of its alleged lack of transparency. According to the article, unlike Telegram and Signal messaging apps, Gem Space source code is not open-source and therefore the code cannot be independently checked for security vulnerabilities that can be exploited by hackers and government security agencies. In addition, it stated that “there is no evidence of independent cybersecurity audits or external verifications by security researchers”. In contrast, it added ‘trusted platforms’ like Telegram are subject to regular “security audits to validate their encryption and data protection claims”.
One major security concern raised in the column is Gem Space’s alleged lack of transparency about the type of encryption it uses. While the platform’s website claims to offer end-to-end encryption stating it “protects your chats, channels and workspaces from unauthorized access” – its Privacy Policy, last updated 6 February 2025, appears to contradict this, suggesting that chats may not in fact be end-to-end encrypted.
The VoK article claimed that Gem Space “does not provide any technical documentation proving full end-to-end encryption (E2EE) and has no way to confirm message security”. It informed users that the lack of end-to-end encryption means that law enforcement agencies could request and access user’ messages “because they were not fully end-to-end encrypted”.
VoK also cast doubt on the app’s claim of “40+million downloads”, saying its publicity was “fabricated” and the claim of popularity has not been independently verified. It also criticized what it described as the lack of independent reviews of the app. Again, it argued that this is another reason why the app should not be trusted. Another alleged risk factor highlighted by the magazine is that the app’s “ownership details are still unclear”. It cited sources suggesting unconfirmed “Russian connection”. Gem Space itself states it is “operated by Marketspace Solutions…, a company incorporated under the laws of the Republic of Estonia”.
VoK explained potential security implications of the app’s ownership and the country where it is based. It said being hosted in a country with weak privacy laws means that the authorities of that country could demand access to user data, as happened with “Russia-founded” Telegram which “had to relocate to Dubai to avoid government pressure”.
VoK also cites the risks about data collection and user profiling, drawing particular attention to the app’s AI-powered features. Since the app offers AI-powered features, there is a possibility of data collection for AI training, which could compromise user privacy. Without clear terms on data usage, AI integration could be a risk.
The Privacy Policy of Gem Space does not clearly state: How long data is stored. Whether it is sold/shared with third parties. What data do AI-powered features collect? The app has AI-based tools, which might require extensive data collection for AI training.”. This advice was echoed by IS tech group Ansar Electronic Security (AES) on 9 April via its channel on the decentralized platform RocketChat. AES urged IS sympathizers to heed guidance issue by the key pro-IS media group al-Azaim.
AES also sought to allay lingering security concerns allegedly raised by followers about using Telegram. Telegram remains IS’s platform of choice. It is worth noting that in its 43rd edition, published January, VoK had downplayed the impact of Telegram’s changes to its private policy, with the jihadist magazine advising IS online supporters to continue to use the platform. The VoK article went on to claim that Telegram has been analyzed by security experts worldwide, ensuring transparent security claims.
On 15 April, AES briefly discussed the merits of the messaging app Signal and whether it is safe for IS supporters to use. AES suggested that although the app shares Telegram’s powerful encryption and protection of privacy, supporters should wait until it is “officially” recommended by al-Azaim. AES speculated that al-Azaim may still be studying the app to make sure that it is safe to use.