A popular Emirati messaging app called ToTok has been removed from the Play Store and the App Store following a New York Times investigation that alleges it to be a spying tool deployed by the government of the United Arab Emirates (UAE). The investigation, which was done in collaboration with US government officials, seemingly found that it is used by the Emirati government “to track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones”.
The app was analyzed by Patrick Wardle, a former US National Security Agency (NSA) hacker who now works as a private cyber-security researcher. According to the report, “It (ToTok) appears to be a copy of a Chinese messaging app offering free video calls, YeeCall, slightly customized for English and Arabic audiences”. As pointed out by the report, even the name itself was an apparent play on the popular Chinese app, TikTok, to confuse users into installing it on their devices.
While ToTok representatives and the US intelligence agency, CIA, have both refused to comment on the issue, an FBI spokesperson told the NYT that: “while the F.B.I. does not comment on specific apps, we always want to make sure to make users aware of the potential risks and vulnerabilities that these mechanisms can pose”. Both Google and Apple reportedly removed it from their respective app repositories on Thursday after being contacted by the publication earlier this month.
While it is no longer available for download directly from either Google Play or the Apple App App Store, Android users may still be able to download APKs from third-party websites to install it on their devices. Moreover, users who already have it on their phones or tablets will still be able to continue using it without any problem, said the report.