Google, Android pull popular Mideast app ToTok after report it was a UAE spying tool
The moves come after The New York Times reported on Saturday the app ToTok allowed the UAE government to track the conversations, movements, and other details of people who installed it on their phone.
Apple told AFP that ToTok was removed from its App Store pending a review, while Google said it was taken down from the Play Store "for a policy issue."
The Times reported that ToTok, used by millions in the UAE and the surrounding region, had been designed to look like an easy and secure way to send messages and videos in countries where other services are banned.
The report said US intelligence officials and a security researcher determined the app was being used by the UAE government for detailed surveillance.
Security researcher Patrick Wardle, who assisted the newspaper, said in a blog post that ToTok appears to be part of a "mass surveillance operation" which "likely afforded in-depth insight in a large percentage of the country's population."
Wardle said the app became popular by offering free calling and messaging to users where services such as Skype and WhatsApp are blocked, and that it was also promoted by what appear to be fake reviews.
Wardle said ToTok appears to trick users of iPhones and Android devices into handing over access to their location and private data on their devices.
"You have access to users' address books, chats, location and more, in a completely 'legitimate,' Apple-approved manner!" the researcher wrote.
He likened ToTok's data collection to that of the US National Security Agency's "bulk collection" of metadata, only deeper.
Read more: Is this Google-sanctioned Emirati company poaching Israeli intelligence officers?
"Once you know who's talking to whom, and perhaps even what they are saying, you can identify specific individuals of interest and target them with more advanced capabilities," he said.
According to the Times, the app launched this year was developed by Breej Holding, which the newspaper said is likely a "front company" affiliated with DarkMatter, an Abu Dhabi-based cyber-intelligence and hacking firm which employs Emirati security officials, Israeli intelligence officers and US National Security Agency employees.
The analysis also linked ToTok to Pax AI, an Abu Dhabi-based data mining firm which is allegedly tied to DarkMatter.
Pax AI operate from the same Abu Dhabi building as the Emirates’ signals intelligence agency, which until lately was where DarkMatter was based.
DarkMatter was founded and is led by tycoon Faisal Al-Bannai, who also established Axiom Telecom, one of the Gulf’s major mobile phone sellers and the son of a general in the UAE military.
The company has been accused of recruiting CIA and US government officials to ride on their top-level intelligence expertise.
DarkMatter has been accused of hacking Arab activists, media professionals and thinkers.
These include the founder of al-Araby al-Jadeed and The New Arab, Azmi Bishara, as well as its CEO, Abdulrahman Elshayyal, according to Reuters.
In July, Firefox's browser maker Mozilla blocked websites certified by DarkMatter, saying they found "credible evidence" that the company had been involved in hacking operations.
A month later in August, Google blocked websites certified by DarkMatter from its Chrome and Android browsers without giving a reason.
In a blog post on Monday, ToTok said nothing of the spying allegations but noted that the messaging app was "temporarily unavailable" in the Android and Apple marketplaces "due to a technical issue."
"While the existing ToTok users continue to enjoy our service without interruption, we would like to inform our new users that we are well engaged with Google and Apple to address the issue," the statement said, while adding that the app is also available from its own website and from marketplaces by smartphone makers Samsung, Huawei, Xiaomi and Oppo.