An app that has been growing in popularity, especially among users in the Middle East, is ToTok. This app that has been developed in the UAE allows the users to connect with their family and friends through messaging and calling, without restrictions.
Intelligence officials from the USA have indicated that this could have been created with the intention of surveillance and transfer of data and to the government of the United Arab Emirates.
Following this, the app has been removed from the Apple App store as well as the Google Play Store. Until the app is uninstalled from your phones, the app will remain functional and continue to transmit data. The screening process of the app stores is not fool-proof and certain applications do pass through without being suspected of malicious intent. With the warning in place, Patrick Wardle, a security researcher at Jamf, advises the users to “Remove it”. It is under research at the moment.
Though ToTok claimed to be a fast and secure platform, it misses out on “end-to-end encryption”, a feature that keeps the users’ data secure from snoops. The only encryption that was claimed was for the data.
The app was lucrative for the users, especially in the UAE, as it offered unlimited calling – voice and video, along with messaging as long as you have internet connectivity. This itself is a warning as the UAE government places several functionality restrictions on most communication apps such as WhatsApp and Skype. Strangely, ToTok was able to let users enjoy several features for free and without using a VPN.
The developer, Breej Holding released the app in July this year in UAE. Owing to its lack of restrictions, the appeal spread to the rest of the Middle East and then to the other parts of the world. It rose on the popularity charts and was even trending on the app stores.
The app was not developed from scratch but was based on the code of YeeCall, a Chinese app, possibly via an agreement between the two developers. Breej does not have much experience in the digital field and could be a cover for DarkMatter, an intelligence firm based in Abu Dhabi under contract with the UAE government.
Wardle observed that the app runs in the background even when not being used. It works normally like any other communication app, but what is not known is who has access to the data and this could be a worrying factor, combined with unrestricted access granted in the UAE.
This revelation is also likely to put other chat applications that have ties with countries with repressive governments under scrutiny.