1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

ToTok app 'spying tool' for UAE: report

Lewis Sanders IV
December 23, 2019

One of the most popular apps in the Middle East has reportedly been used by Emirati authorities to spy on millions of users. Cybersecurity researchers said the app's design would allow it without exploits or backdoors.

https://p.dw.com/p/3VGeV
A woman takes a selfie
Image: picture-alliance/Photoshot/Xinhua/c. Wenwu

Video and text messaging app ToTok has been flagged as a "spying tool" for the United Arab Emirates (UAE), according to a report published by The New York Times (NYT) late Sunday.

Citing US officials "familiar with a classified intelligence assessment," the newspaper said the app allows it to "track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones."

Apple and Google both subsequently removed the app from the online marketplaces. Google said this had been done for a "policy issue."

The app has previously topped charts in the UAE and boasts users from Europe, the US and the wider Middle East, among other regions and countries.

Read more: Russia-based FaceApp goes viral, gets a closer look

A man takes a selfie with the model of a Chinese drone during the 15th edition of the biennial Dubai Airshow, in Dubai
Cybersecurity researchers showed that the app didn't require back doors or exploitsImage: picture-alliance/Photoshot/Z. Dingzhe

'Temporarily unavailable'

In the UAE, most Voice over Internet Protocol (VoIP) apps are banned, including the likes of WhatsApp and Skype. That made ToTok an attractive alternative for users in the UAE.

The app was pulled from Apple and Google's app stores.

ToTok issued a statement on Sunday saying that its app was "temporarily unavailable in these two stores due to a technical issue."

It said the app was still operational for users with Samsung, Huawei and Xiaomi phones, among others.

Read more: Germany debates stepping up active cyberoperations

Easy 'mass surveillance'

Patrick Wardle, a cybersecurity researcher approached by NYT, published a technical analysis before the report under the headline: "Mass Surveillance, is an (un)Complicated Business."

Wardle said his technical analysis "showed the ToTok simply does what it claims to do … and really nothing more."

"Assuming the claims that ToTok is actual designed to spy on its users, this 'legitimate' functionality of the app is really the genius of the whole mass surveillance operation: no exploits, no back doors, no malware," he wrote.

"Again, just 'legitimate' functionality that likely afforded in-depth insight in a large percentage of the country's population."

Read more: Germany struggles to step up cyberdefense

Every evening, DW's editors send out a selection of the day's hard news and quality feature journalism. You can sign up to receive it directly here.