Last month, both Google and Apple removed a popular social message app called ToTok from their official app stores. The decisions came after the US intelligence officials told the New York Times that the United Arab Emirates is likely to use the app for state surveillance. The report and subsequent investigation also claimed links between ToTok developer Breej Holding Ltd. and the Emirati government. But by Saturday, Google ToTok had quietly recovered in its Play Store for Android. Apple does not seem to have taken the following steps.

The ToTok imbroglio in which both companies are located addresses the difficulties that app stores face when checking their offer. If an app hides an advertising fraud behind a puzzle game, Apple and Google can detect the behavior and remove the listing. But if an app like ToTok calls itself a VoIP call and message app and does exactly that, it doesn’t necessarily have to detect something sinister. ToTok’s corporate servers can pass user data to the government, but that activity would go beyond Apple or Google visibility.

Consider the web services that you use every day. What do Facebook or Amazon do with the information you give them? Is the NSA getting a firehose of telephone calls and e-mail metadata from American telecom companies and technology companies? (Reminder: that happened.)

“Companies have a very difficult time when it comes to privacy issues that are not immediately perceptible in an app itself.”

Will Strafach, Sudo Security Group

It is a dilemma that Apple and Google faced earlier, to a lesser extent. The secure communication app Telegram has endured countless unsubstantiated accusations that it contains a back door for access from the Russian government. But Apple and Google never deleted the app because of these claims. The hugely popular Chinese social communication app WeChat is considered even more plausible as a funnel for wide oversight by the Chinese government, but it is also available through Google Play and Apple’s App Store around the world. The warning from the intelligence community about ToTok – via the Times report – is perhaps the most direct and useful to date, although Apple and Google are arguably difficult to deal with.

“It’s really an interesting question to think about with WeChat,” says Will Strafach, an iOS security researcher who analyzed the WeChat app for possible signs of its use in surveillance. “I think it is very difficult for companies when it comes to privacy issues that are not immediately perceptible in an app itself. I find it difficult to figure out what the correct answer is on the policy side of the app store. “

The alleged co-founder of ToTok, Giacomo Ziani, said in a statement last week that ToTok had “a productive dialogue with Google, which highlighted some improvements in the app”. He said it seemed that ToTok would be restored on Google Play, but added, “On the Apple side, there is less traction because of the holidays.”

Google declined to comment on its decision to restore ToTok and instead pointed to the original statement: “We take security and privacy breach reports seriously. If we find behavior that violates our policies, we take action.” This seems to imply that when reviewing ToTok, Google found nothing about the app that violates the Play Store policy. Apple said on Monday that ToTok is still not present in the iOS App Store, but the app investigation is ongoing more than two weeks after it started.

In general, Google is known as fairly specific about how rejected or rejected apps violate Play Store policies. Meanwhile, Apple has a reputation with developers for blocking or removing apps without explanation or with only opaque comments.

“If Apple does not restore ToTok, it is an insane precedent to set. Suppose China claims that WhatsApp is a US government monitoring program. Would Apple remove it? Or would Apple investigate all developers submitting apps and try to find out or they’re connected to governments, “says Patrick Wardle, a security researcher at Apple-focused enterprise management company Jamf, who was the first person to publish a technical analysis of ToTok at the end of December.” But when they fix it, it also sets a crazy precedent “In short, every government monitoring app lights up green as long as the app does not violate the App Store policies. That would seriously undermine the claims that Apple cares about its users and their privacy.”

