Just in time for Christmas, here’s a friendly reminder that technology isn’t always your friend.
Popular messaging app ToTok has been removed from the iOS App Store and Google Play Store, and if you have it on your phone you should probably remove it from there too. U.S. officials and a New York Times investigation published on Sunday found the app to be a spying tool for the United Arab Emirates, making it much less benign than it initially appears.
ToTok was released on July 27, and quickly grew in popularity in the U.A.E. Other messaging apps such as WhatsApp and Skype are blocked in the country, so users were thrilled to have a free, functional alternative. The app quickly spread to other Middle Eastern countries and then the rest of the world, even trending in the U.S App Store.
However, while it let people chat easily with friends and family without expensive data packages, ToTok was reportedly gathering information on its users’ contacts, locations, and conversations at the same time. Further, it was doing this entirely legitimately — from a certain point of view.
“Our analysis showed that ToTok, simply does what it claims to do… and really nothing more,” former National Security Agency hacker Patrick Wardle wrote in his breakdown of the app. “[It] is really the genius of the whole mass surveillance operation: no exploits, no backdoors, no malware.”
ToTok did what it claimed, in that it functioned as a messaging app. It also explicitly requested access to the phone’s microphone, camera, photos, location, calendar and contacts — all permissions that are often granted to messaging apps.
However, rather than sticking to strictly messaging-app-like activities, ToTok reportedly intended to use that access to surveil its users. And by blocking other chat apps in the country, the U.A.E. practically ensured the app’s success.
“You don’t need to hack people to spy on them if you can get people to willingly download this app to their phone,” Wardle told the New York Times. “By uploading contacts, video chats, location, what more intelligence do you need?”
Even without the help of invasive apps, the U.A.E. is heavily surveilled. Human Rights Watch’s 2019 World Report found that the country “arbitrarily detains and forcibly disappears” people within its borders who criticise the government, including in comments made on social media. The idea that authorities could comb through an individual’s private communications as well is discomforting.
A blog post by ToTok on Sunday made no note of the allegations against the app. Instead, it emphasised ToTok’s “tens of millions of users across hundreds of countries,” thousands of positive reviews, and “high-security standards.” It also addressed its sudden disappearance from Apple and Google’s app stores.
“Indeed, ToTok is temporarily unavailable in these two stores due to a technical issue,” wrote ToTok. “While the existing ToTok users continue to enjoy our service without interruption, we would like to inform our new users that we are well engaged with Google and Apple to address the issue.”
The New York Times report states ToTok was actually removed from Google’s store for violating “unspecified policies”, and that Apple is still investigating the app.
ToTok claims it’s still available on Samsung, Huawei, Xiaomi and Oppo’s app stores, and says that Android users can install it directly from their website. We’d advise against it, though.
“Uninstall it yesterday,” Wardle told Wired.