Just in time for Christmas, here’s a friendly reminder that technology isn’t always your friend.
Popular messaging app ToTok has been removed from the iOS App Store and Google Play Store, and if you have it on your phone you should probably remove it from there too. U.S. officials and a New York Times investigation published on Sunday found the app to be a spying tool for the United Arab Emirates, making it much less benign than it initially appears.
ToTok was released on July 27, and quickly grew in popularity in the U.A.E. Other messaging apps such as WhatsApp and Skype are blocked in the country, so users were thrilled to have a free, functional alternative. The app quickly spread to other Middle Eastern countries and then the rest of the world, even trending in the U.S App Store.
However, while it let people chat easily with friends and family without expensive data packages, ToTok was reportedly gathering information on its users’ contacts, locations, and conversations at the same time. Further, it was doing this entirely legitimately — from a certain point of view.
“Our analysis showed that ToTok, simply does what it claims to do… and really nothing more,” former National Security Agency hacker Patrick Wardle wrote in his breakdown of the app. “[It] is really the genius of the whole mass surveillance operation: no exploits, no backdoors, no malware.”
ToTok did what it claimed, in that it functioned as a messaging app. It also explicitly requested access to the phone’s microphone, camera, photos, location, calendar and contacts — all permissions that are often granted to messaging apps.
However, rather than sticking to strictly messaging-app-like activities, ToTok reportedly intended to use that access to surveil its users. And by blocking other chat apps in the country, the U.A.E. practically ensured the app’s success.