Apple has removed the app ToTok from the iOS App Store after it was found to be used as a spying tool by the UAE government. Launched only a few months ago, the app was downloaded by millions of users in Europe, Asia, Africa, North America, and the Middle East. In fact, the app was the most downloaded social app in the United States last week.
On paper, ToTok is owned by Breej Holding which is likely associated with DarkMatter, a cyberintelligence and hacking firm where former NSA employees, Israeli military intelligence operatives, and Emirati intelligence officials work. The company is already being investigated by the F.B.I for cybercrimes.
The app was listed on the iOS App Store and Google Play Store when the New York Times first contacted Apple and Google regarding the app. On Thursday, Google removed the app followed by Apple on Friday. However, users who had downloaded the app on their phone can continue to use it without any issues.
One digital security expert in the Middle East, speaking on the condition of anonymity to discuss powerful hacking tools, said that senior Emirati officials told him that ToTok was indeed an app developed to track its users in the Emirates and beyond.
The app’s method to track its users was also relatively simple and straightforward.
On the surface, ToTok tracks users’ location by offering an accurate weather forecast. It hunts for new contacts any time a user opens the app, under the pretense that it is helping connect with their friends, much like how Instagram flags Facebook friends. It has access to users’ microphones, cameras, calendar and other phone data. Even its name is an apparent play on the popular Chinese app TikTok.
Skype, WhatsApp, and other messaging services are banned in the UAE. ToTok offered users there an alternative as it worked without any issues in the region. This led to it becoming extremely popular in the Middle East in a very short time.
If you have the ToTok app installed on your phone and value your privacy, it goes without saying that you should uninstall it right away if you value your privacy.[Via NY Times]