Skip to main content

App accused of being a UAE spy tool back on sale

After abruptly pulling ToTok last month, Google Play has reinstated the free app, but cybersecurity experts are still raising alarm bells
Most users of Totok are in the Emirates (AFP)

A chat app which intelligence experts have accused of being an Emirati spy tool has gone back on the market, days after it was abruptly pulled following a New York Times investigation.

ToTok, a messaging service like WhatsApp or Skype that allows users to text or send video messages, was introduced in August 2019.

The app had already been downloaded for free by millions of users when the NYT reported that the Emirati government was using it to track the intimate details of those who had installed it.

The company behind ToTok, Breej Holding, is most likely a front company affiliated with DarkMatter, an Abu Dhabi-based cyberintelligence firm currently being investigated by the FBI, the NYT reported.

"Uninstall it yesterday," Patrick Wardle, a security researcher who helped the NYT with its investigation and formerly worked at the National Security Agency, said of the app.

Twitter and Facebook are no longer safe for us, say prominent Arab activists
Read More »

Google and Apple quickly pulled it off the market. Days later, the UAE denied that the app was a spy tool and Totok’s apparent co-founder, Giacomo Ziani, posted a video on Twitter, pleading with the companies to reinstate the product.

“We are not linked to any government, not the UAE, the US or China,” Ziani said on 27 December, saying “ungrounded rumours” were being spread.

“As a small start-up, we were certainly not ready for publicity. We are more interested in discussing product, user experience, than anything else.”

His pleas seemed to have worked, at least partially: over the weekend, Google Play put ToTok back up for purchase. But that hasn’t quite calmed down the controversy.

Bill Marczak, a research fellow at Citizen Lab who has also investigated the app, questioned how Google had presented the debacle.

“Makes it sound like Google may have removed the app due to design issues around consent, rather than the results of an investigation into the app's linkage with UAE intelligence,” Marczak tweeted.

Kim Zetter, a veteran investigative reporter covering cybersecurity and national security, has reported that a media company tried to recruit her in recent days to pay her to promote ToTok.

Middle East Eye has approached Google for comment.