Apple and Google have pulled chat app ToTok from their app stores following reports that the messaging app is actually a government spy tool used by the United Arab Emirates.
The New York Times (opens in new tab) reported yesterday (Dec. 22) that the app tries to "track every conversation, movement, relationship, appointment, sound, and image of those who install it on their phones."
Last week ToTok was among the top ranked social apps (opens in new tab) in the U.S., per App Annie data cited by the Times. It can be used in countries that restrict other popular messaging services such as WhatsApp. At the time of its report, the Times said ToTok had been downloaded millions of times.
According to the investigation, ToTok's parent company Breej Holding is likely tied to DarkMatter (opens in new tab), a United Arab Emirates-based cyber-intelligence and hacking firm. DarkMatter is currently the subject of an FBI probe (opens in new tab), giving analysts reasons to suspect ToTok is funneling personal data to the UAE government.
"It was unclear when American intelligence services first determined that ToTok was a tool of Emirati intelligence, but one person familiar with the assessment said that American officials have warned some allies about its dangers," the Times report says.
An anonymous digital security expert in the Middle East told the Times that senior Emirati officials informed them that ToTok was "indeed an app developed to track its users in the Emirates and beyond."
Well-known Apple-centric security researcher Patrick Wardle has posted a detailed technical breakdown of the iOS ToTok app (opens in new tab).
What you can do
Both Apple and Google have removed ToTok from their mobile app stores. But that doesn't stop the app from working if its already on your phone.
Delete your ToTok account within the app, then delete the app itself from your phone. WhatsApp, Telegram, GroupMe, WeChat and Kakao Talk (KaTalk) are alternative chat platform options.