A New York Times article has reported that the popular Chat App ToTok in the United Arab Emirates, “ToTok,” is a spying tool designed to help UAE intelligence officers to observe individual talks and activities.
In the UAE, a country where Western messaging apps like WhatsApp and Skype are partially blocked, Chat App ToTok was launched earlier this year and downloaded by millions. It promised “fast, free, and secure” calls and messages and attracted users across the Middle East and beyond, even becoming one of the most popular social apps in the Country last week.
But, citing classified briefings from U.S. intelligence officials and their analysis, the NYT reports that Chat App ToTok is a way for the UAE government to spy on its people directly. Citizens who used the device exchanged texts, photos and videos, and even their location (allegedly monitored to provide weather updates) with information from Emirati intelligence.
The New York Times reports that this is a new development of authoritarian regimes in the context of modern espionage. While many governments routinely hack phones from individuals, not many are setting up a legal system and simply asking for access to their data.
“In this approach, there is an elegance,” said security researcher Patrick Wardle, who performed ToTok’s independent forensic analysis. “You don’t need to hack people to spy on them if you can get people to willingly download this app to their phone. By uploading contacts, video chats, location, what else do you need?”
The New York Times reports that the company running Chat App ToTok, Breej Holding, is probably a front for DarkMatter, a cybersecurity firm based in Abu Dhabi. The software is also linked to Pax AI, a UAE data-mining firm that shares offices with the signals intelligence agency of the Emirates.
Google and Apple have removed the Chat App ToTok from the play store and App Store, so Breej Holding, DarkMatter, and the UAE government still need to comment on the report in the New York Times. FBI also refused to comment. But a spokeswoman for the office told the Times, “It’s always a question of making consumers aware of the potential threats and weaknesses that such systems present while the FBI doesn’t comment anything about specific Apps.”