According to the American officials, ToTok, a chat app that has millions of users in the United Arab Emirates and is used for keeping in touch with family and friends, turned out to be a tool that allows the government to spy on its users.
ToTok is an Emirati messenger that was introduced this year and has also been gaining popularity around the world recently, too.
The reason why it is so prevalent in the Middle East is because known apps like WhatsApp, Skype, or FaceTime are blocked there, so people found an alternative that lets them communicate with people they care about for free. In even became the most downloaded messaging platform in the US while also spreading to Asia, Africa, and Europe.
The thing about ToTok is that it is hard to be suspicious about it at first as the app does not require anything that similar messengers don’t: it requests access to user’s contacts, camera, calendar, microphones, and location information allegedly to provide weather forecasts.
As the report claims, the government of the United Arab Emirates gained access to and collected users’ sensitive data that included photos, locations, conversations, and even more. There was no malware involved – common app’s functions that users enabled themselves were used for tracking them.
Breej Holding, a company that developed the app, is believed to be connected to DarkMatter, an Abu Dhabi cybersecurity company that used to hire former analysts from the CIA and National Security Agency. To date, DarkMatter is under an FBI investigation for cybercrimes.
A total of 7.5 million people downloaded and installed ToTok on Google Play store, and 2.3 million people did the same on the App Store. All this in less than five months of the app’s existence. Since the disclosure of this information, the app was removed from both the App Store and Google Play Store. However, if you still have the app installed on your device, it will continue tracking you, so it is advisable to delete it for good. It is also crucial to use encrypted applications to make sure that even developers cannot track your data.
As ToTok team mentions in the company’s blogpost:
Indeed, ToTok is temporarily unavailable in these two stores due to a technical issue. While the existing ToTok users continue to enjoy our service without interruption, we would like to inform our new users that we are well engaged with Google and Apple to address the issue.