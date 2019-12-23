Loading...

Apple has removed ToTok from the App Store after a secret intelligence assessment and a New York Times investigation said the app was an espionage tool used by the United Arab Emirates.

The chat app, which became one of the most downloaded social apps in the US last week, turned out to provide highly sensitive personal information to the UAE government …

The NYT piece said that the popularity of ToTok was first established in the UAE, where other messaging apps are banned, but have since made their appearance in the US and elsewhere.

It is billed as an easy and secure way to video and text chat with friends and family, even in a country that has limited popular messaging services such as WhatsApp and Skype.

But the service, ToTok, is actually a spy tool, according to US officials who are familiar with a secret intelligence assessment and a New York Times investigation into the app and the developers. It is used by the Government of the United Arab Emirates to track every conversation, every movement, relationship, appointment, sound and image from those who install it on their phones.

Introduced just a few months ago, ToTok was downloaded millions of times from the Apple and Google app stores by users in the Middle East, Europe, Asia, Africa, and North America. Although the majority of users are in the Emirates, ToTok has become one of the most downloaded social apps in the United States last week, according to app rankings and App Annie, a research firm […]

A technical analysis and interviews with computer security experts have shown that the company behind ToTok, Breej Holding, is probably a front company affiliated with DarkMatter, a Abu Dhabi-based cyber intelligence and hack company where intelligence officers from Emirati, former employees of the National Security Agency and former Israeli military intelligence services.

DarkMatter is under F.B.I. investigation, according to former employees and law enforcement officials, into possible cyber crime. The US intelligence assessment and technical analysis also linked ToTok to Pax AI, a data mining company in Abu Dhabi that appears to be tied to DarkMatter.

The Pax AI head office operates from the same Abu Dhabi building as the Emirates Signal Office, where DarkMatter was located until recently [photo above].

American intelligence services already knew this, according to the report, and had warned the allies not to use it.

It was unclear when US intelligence services first determined that ToTok was a tool for Emirati intelligence, but a person familiar with the assessment said US officials warned some allies about its dangers. It is not clear whether US officials have confronted their counterparts in the Emirati government with the app. A digital security expert in the Middle East, who spoke about the condition of anonymity to discuss powerful hacking tools, said high Emirati officials told him that ToTok was indeed an app developed for users in the Emirates and to follow beyond.

Because the app does not use end-to-end coding, the service can read all messages freely.

Both Apple and Google removed the app from their stores after the NYT contacted them.

Photo: Shutterstock

