Advertisement

UAE government using popular chat app ToTok to spy on citizens: report

 In this Oct. 27, 2013 file photo, a worker looks at his mobile phone at the newly opened Al Maktoum International Airport in Dubai, United Arab Emirates.
In this Oct. 27, 2013 file photo, a worker looks at his mobile phone at the newly opened Al Maktoum International Airport in Dubai, United Arab Emirates. (Patrick Castillo/Emarat Al Youm via AP, File)

A chat app that quickly became popular in the United Arab Emirates for communicating with friends and family is actually a spying tool used by the government to track its users, according to a newspaper report.

The government uses ToTok to track conversations, locations, images and other data of those who install the app on their phones, The New York Times reported, citing U.S. officials familiar with a classified intelligence assessment and the newspaper’s own investigation.

READ MORE: Popular video app TikTok is a national security threat, U.S. senators say

The Emirates has long blocked Apple’s FaceTime, Facebook’s WhatsApp and other calling apps. Emirati media has been playing up ToTok as an alternative for expatriates living in the country to call home to their loved ones for free.

The Times says ToTok is a few months old and has been downloaded millions of times, with most of its users in the Emirates, a U.S.-allied federation of seven sheikhdoms on the Arabian Peninsula.

Story continues below advertisement

Government surveillance in the Emirates is prolific, and the Emirates long has been suspected of using so-called “zero day” exploits to target human rights activists and others.

Zero days exploits can be expensive to obtain on the black market because they represent software vulnerabilities for which fixes have yet to be developed.

Click to play video 'Security concerns over Chinese-owned apps, like TikTok' Security concerns over Chinese-owned apps, like TikTok
Security concerns over Chinese-owned apps, like TikTok – Oct 25, 2019

The Times described ToTok as a way to give the government free access to personal information, as millions of users are willingly downloading and installing the app on their phones and blindly giving permission to enable features.

As with many apps, ToTok requests location information, purportedly to provide accurate weather forecasts, according to the Times. It also requests access to a phone’s contacts, supposedly to help users connect with friends. The app also has access to microphones, cameras, calendar and other data.

Story continues below advertisement

A security expert who said he analyzed the app for the Times, Patrick Wardle, said that ToTok “does what it claims to do” as a communications app, which is the “genius” of the app if it is being used as a spy tool. “No exploits, no backdoors, no malware,” he wrote in a blog post. The app is able to gain insights on users through common functions.

READ MORE: Chinese social media app WeChat to fix ‘bug’ that mistranslates Canada flag emoji

In a blog post Monday, ToTok did not respond directly to Sunday’s Times report, but said that with “reference to the rumors circulated today about ToTok,” the one goal of the app’s creators was to create a reliable, easy-to-use communications platform. The post said ToTok had high-security standards to protect user data and a privacy framework that complied with local and international legal requirements.

ToTok said the app was temporarily unavailable in the app stores from Google and Apple due to a “technical issue.”

The Times says that based on a technical analysis and interviews with security experts, the company behind ToTok, Breej Holding, is most likely affiliated with DarkMatter, an Emirati cybersecurity company that has hired former CIA and National Security Agency analysts and has close business ties to the Emirati government.

Emails sent to ToTok through its website and to the Emirates embassy in Washington were not immediately returned.

Advertisement