What you need to know
- ToTok is a popular chat app.
- It's been removed from the App Store by Apple.
- There are concerns that it is a spy tool used by the UAE.
Apple has removed the popular ToTok chat app from the App Store after a New York Times (via 9to5Mac) report said that the app was used by the United Arab Emirates as a spy tool. A classified intelligence assessment also raised concerns.
ToTok might not be a household name yet but lat week it was able to become one of the most downloaded social apps in the United States. However, it has been revealed that it was phoning home to the UAE government. With sensitive data also shared.
It is billed as an easy and secure way to chat by video or text message with friends and family, even in a country that has restricted popular messaging services like WhatsApp and Skype.
But the service, ToTok, is actually a spying tool, according to American officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers. It is used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones.
It's worth noting that the app does not offer end-to-end encryption so anyone with access to the data would be able to read anything and everything. Essentially, no messages sent via ToTok were safe from being read. And the report notes that the company behind ToTok is a front for the UAE government.
A technical analysis and interviews with computer security experts showed that the firm behind ToTok, Breej Holding, is most likely a front company affiliated with DarkMatter, an Abu Dhabi-based cyberintelligence and hacking firm where Emirati intelligence officials, former National Security Agency employees and former Israeli military intelligence operatives work.
DarkMatter is under F.B.I. investigation, according to former employees and law enforcement officials, for possible cybercrimes. The American intelligence assessment and the technical analysis also linked ToTok to Pax AI, an Abu Dhabi-based data mining firm that appears to be tied to DarkMatter.
Pax AI's headquarters operate from the same Abu Dhabi building as the Emirates' signals intelligence agency, which until recently was where DarkMatter was based.
But it seems none of this is news to the US intelligence services who have already warned allies that they shouldn't use the app over fears that it isn't secure.
It was unclear when American intelligence services first determined that ToTok was a tool of Emirati intelligence, but one person familiar with the assessment said that American officials have warned some allies about its dangers. It is not clear whether American officials have confronted their counterparts in the Emirati government about the app. One digital security expert in the Middle East, speaking on the condition of anonymity to discuss powerful hacking tools, said that senior Emirati officials told him that ToTok was indeed an app developed to track its users in the Emirates and beyond.
If you do or have used ToTok, I'd suggest removing it from your devices as soon as possible.