The ToTok mobile messaging app, developed by a company in the United Arab Emirates and which has recently become popular in the Middle East and elsewhere, was deleted from Google and Apple application stores after suspicion of spying on users.
Apple and Google confirmed on Monday that they have removed the app, whose name closely resembles the much more popular Chinese app TikTok, launched in 2017.
Apple has indicated that ToTok will no longer be downloadable while the firm is investigating the situation. People who have already installed ToTok on their smartphones can continue to use it.
The New York Times published an investigation accusing the UAE intelligence services of having direct access to the messages and video conversations exchanged on ToTok, as well as geolocation data, the contact list, cameras, microphones and calendar of the phone. The American newspaper draws on American intelligence sources and cybersecurity experts.
ToTok, launched this year, is developed by “Breej Holding”, which is actually a front company for DarkMatter, a cyber intelligence and hacking firm linked to the UAE government, according to the Times. A US intelligence report cited by the Times also links ToTok to Pax AI, an artificial intelligence company headquartered in the same building as the UAE listening agency in Abu Dhabi.
In a message published on Monday on its website to respond to “rumors”, ToTok does not deny any of these accusations, and essentially talks about its recent success. The company claims to comply with “local and international legal obligations” in the area of privacy, without saying which ones.
ToTok has confirmed that it is no longer available on the Apple Store and the Google Play Store, but attributes the unavailability to “a technical problem”. Google contradicted this assertion, declaring to AFP:
"We can confirm that we removed the app for a policy issue."
Patrick Wardle, former hacker of the American spy agency National Security Agency (NSA) interviewed by the Times, wrote on a blog that the “genius” of ToTok seemed to be that the application operated legitimately, since users themselves opened the doors to their most personal content, without realizing that they were then potentially exploited by an intelligence service.