Pierluigi Paganini December 24, 2019

A popular mobile app in the Middle East called ToTok has been removed from both Apple and Google’s online stores because it was a spy tool.

According to a report published by the New York Times, the popular app ToTok was used by the UAE government as a surveillance tool. It has been removed from both Apple and Google online stores because authorities were using it to spy on its users, to track the conversations and movements.

“Apple told AFP that ToTok was removed from its App Store pending a review, while Google said it was taken down from the Play Store ‘for a policy issue.'” reported the AFP agency.

The ToTok app is used by millions of users in the UAE and other countries in the Middle East.

The report said US intelligence officials and a security researcher determined the app was being used by the UAE government for detailed surveillance.

“ToTok appears to have been relatively easy to develop, according to a forensic analysis performed for The Times by Patrick Wardle, a former National Security Agency hacker who works as a private security researcher. It appears to be a copy of a Chinese messaging app offering free video calls, YeeCall, slightly customized for English and Arabic audiences.” reads the report published by the NYT.

“ToTok is a cleverly designed tool for mass surveillance, according to the technical analysis and interviews, in that it functions much like the myriad other Apple and Android apps that track users’ location and contacts.”

The popular expert Patrick Wardle published a detailed analysis of the, abuse of the ToTok app for a “mass surveillance operation.”

“Our analysis showed that ToTok, simply does what it claims to do…and really nothing more. Assuming the claims that ToTok is actual designed to spy on it’s users, this “legitimace” functionality of the app, is really the genius of the whole mass surveillance operation: no exploits, no backdoors, no malware, …again, just “legitimate” functionality that likely afforded in-depth insight in a large percentage of the country’s population.” reads the analysis published by Wardle.

“Think about it this way …you’re a (rather surveillance-happy) foreign government who’d love to monitor your citizens. In five easy steps:

1. Ban popular apps such as WhatsApp, Skype
2. Create a free alternative app that provides this banned functionality.
3. Submit the app to the iOS app store, where it’s readily approved by Apple.
4. Create fake reviews & social media posts that recommend the application.
5. Wait as the citizens of your country readily embrace the app and it’s popularity soars.”

Wardle pointed out that the app was tricking its users into allowing it to access their data and location.

The ToTok app was developed by the firm Breej Holding which is supposed to be a “front company” linked with the hacking firm.

The experts speculate that Emirati intelligence officials, former National Security Agency employees, and former Israeli military intelligence operatives work for DarkMatter.

The FBI is currently investigating DarkMatter for its possible involvement in cybercrimes.

ToTok denies any involvement in government surveillance program and revealed that the app was “temporarily unavailable” in both Android and Apple marketplaces “due to a technical issue.”

“While the existing ToTok users continue to enjoy our service without interruption, we would like to inform our new users that we are well engaged with Google and Apple to address the issue,” reads a statement from the company.

Pierluigi Paganini

(SecurityAffairs – ToTok, surveillence)

[adrotate banner=”5″]

[adrotate banner=”13″]