Skip to main content

Popular chat app ToTok is reportedly secret United Arab Emirates spying tool

Popular chat app ToTok is reportedly secret United Arab Emirates spying tool

/

If this app is on your phone, uninstall it now

Share this story

Illustration by Ana Kova for The Verge

A report from The New York Times has revealed that messaging app ToTok, popular in the United Arab Emirates, is in fact a government spy tool, created for the benefit of UAE intelligence officials and used to track citizens’ conversations and movements.

ToTok launched earlier this year and has been downloaded by millions in the UAE, a nation where Western messaging apps like WhatsApp and Skype are partially blocked. It promised “fast, free, and secure” messages and calls, and attracted users across the Middle East and beyond, even becoming one of the most downloaded social apps in the US last week.

But, citing classified briefings from US intelligence officials and its own analysis, the NYT reports that ToTok is really a way for the UAE government to spy directly on its people. Citizens who used the app were sharing messages, pictures and videos, and even their location (supposedly being tracked to provide weather updates) with Emirati intelligence.

ToTok offered users “fast and secure messaging.”
ToTok offered users “fast and secure messaging.”
Image via The New York Times

The Times notes that this is something of a new development in the history of digital spying by authoritarian regimes. Although many governments routinely hack citizens’ phones, not many set up an ostensibly legitimate app and simply ask for access to their data.

“You don’t need to hack ... if you can get people to willingly download this app.”

“There is a beauty in this approach,” security researcher Patrick Wardle, who conducted an independent forensic analysis of ToTok, told the Times. “You don’t need to hack people to spy on them if you can get people to willingly download this app to their phone. By uploading contacts, video chats, location, what more intelligence do you need?”

The Times reports that the company that runs ToTok, Breej Holding, is most likely a front for Abu Dhabi-based cybersecurity firm DarkMatter. The app is also connected to UAE data-mining firm Pax AI, which shares offices with the Emirates’ signals intelligence agency.

Breej Holding, DarkMatter, and the UAE government have yet to comment on the Times report, but both Google and Apple have removed ToTok from the Play Store and App Store. The FBI also refused to comment, but a spokesperson for the bureau told the Times: “[W]hile the FBI does not comment on specific apps, we always want to make sure to make users aware of the potential risks and vulnerabilities that these mechanisms can pose.”

Today’s Storystream

Feed refreshed Two hours ago Striking out

A
Andrew WebsterTwo hours ago
Looking for something to do this weekend?

Why not hang out on the couch playing video games and watching TV. It’s a good time for it, with intriguing recent releases like Return to Monkey Island, Session: Skate Sim, and the Star Wars spinoff Andor. Or you could check out some of the new anime on Netflix, including Thermae Romae Novae (pictured below), which is my personal favorite time-traveling story about bathing.


A screenshot from the Netflix anime Thermae Romae Novae.
Thermae Romae Novae.
Image: Netflix
J
Twitter
Jay PetersSep 23
Twitch’s creators SVP is leaving the company.

Constance Knight, Twitch’s senior vice president of global creators, is leaving for a new opportunity, according to Bloomberg’s Cecilia D’Anastasio. Knight shared her departure with staff on the same day Twitch announced impending cuts to how much its biggest streamers will earn from subscriptions.


T
Twitter
Tom WarrenSep 23
Has the Windows 11 2022 Update made your gaming PC stutter?

Nvidia GPU owners have been complaining of stuttering and poor frame rates with the latest Windows 11 update, but thankfully there’s a fix. Nvidia has identified an issue with its GeForce Experience overlay and the Windows 11 2022 Update (22H2). A fix is available in beta from Nvidia’s website.


A
External Link
If you’re using crash detection on the iPhone 14, invest in a really good phone mount.

Motorcycle owner Douglas Sonders has a cautionary tale in Jalopnik today about the iPhone 14’s new crash detection feature. He was riding his LiveWire One motorcycle down the West Side Highway at about 60 mph when he hit a bump, causing his iPhone 14 Pro Max to fly off its handlebar mount. Soon after, his girlfriend and parents received text messages that he had been in a horrible accident, causing several hours of panic. The phone even called the police, all because it fell off the handlebars. All thanks to crash detection.

Riding a motorcycle is very dangerous, and the last thing anyone needs is to think their loved one was in a horrible crash when they weren’t. This is obviously an edge case, but it makes me wonder what other sort of false positives we see as more phones adopt this technology.


A
External Link
Ford is running out of its own Blue Oval badges.

Running out of semiconductors is one thing, but running out of your own iconic nameplates is just downright brutal. The Wall Street Journal reports badge and nameplate shortages are impacting the automaker's popular F-series pickup lineup, delaying deliveries and causing general chaos.

Some executives are even proposing a 3D printing workaround, but they didn’t feel like the substitutes would clear the bar. All in all, it's been a dreadful summer of supply chain setbacks for Ford, leading the company to reorganize its org chart to bring some sort of relief.


E
TikTok
Spain’s Transports Urbans de Sabadell has La Bussí.

Once again, the US has fallen behind in transportation — call it the Bussí gap. A hole in our infrastructure, if you will.


J
External Link
Jay PetersSep 23
Doing more with less (extravagant holiday parties).

Sundar Pichai addressed employees’ questions about Google’s spending changes at an all-hands this week, according to CNBC.

“Maybe you were planning on hiring six more people but maybe you are going to have to do with four and how are you going to make that happen?” Pichai sent a memo to workers in July about a hiring slowdown.

In the all-hands, Google’s head of finance also asked staff to try not to go “over the top” for holiday parties.


E
External Link
Insiders made the most money off of Helium’s “People’s Network.”

Remember Helium, which was touted by The New York Times in an article entitled “Maybe There’s a Use for Crypto After All?” Not only was the company misleading people about who used it — Salesforce and Lime weren’t using it, despite what Helium said on its site — Helium disproportionately enriched insiders, Forbes reports.


J
Youtube
James VincentSep 23
Nvidia’s latest AI model generates endless 3D models.

Need to fill your video game, VR world, or project render with 3D chaff? Nvidia’s latest AI model could help. Trained on 2D images, it can churn out customizable 3D objects ready to import and tweak.

The model seems rudimentary (the renders aren’t amazing quality and seem limited in their variety), but generative AI models like this are only going to improve, speeding up work for all sorts of creative types.