UAE spying with popular app, report says
NEW YORK — A chat app that quickly became popular in the United Arab Emirates for communicating with friends and family is actually a spying tool used by the government to track its users, according to a newspaper report.
The government uses ToTok to track conversations, locations, images and other data of those who install the app on their phones, The New York Times reported, citing U.S. officials familiar with a classified intelligence assessment and the newspaper’s own investigation.
The Emirates has long blocked Apple’s FaceTime, Facebook’s WhatsApp and other calling apps. Emirati media has been playing up ToTok as an alternative for expatriates living in the country home to their loved ones for free.
The Times says ToTok is a few months old and has been downloaded millions of times, with most of its users in the Emirates, a U.S.-allied federation of seven sheikhdoms on the Arabian Peninsula.
Government surveillance in the Emirates is prolific, and the Emirates long has been suspected of using so-called zero day exploits to target human rights activists and others.
Zero-day exploits can be expensive to obtain on the black market because they represent software vulnerabilities for which fixes have yet to be developed.
The Times described ToTok as a way to give the government free access to personal information, as millions of users are to call willingly downloading and installing the app on their phones and blindly giving permission to enable features.
As with many apps, ToTok requests location information, purportedly to provide accurate weather forecasts, according to the Times. It also requests access to a phone’s contacts, supposedly to help users connect with friends. The app also has access to microphones, cameras, calendar and other data.
In a blog post Monday, ToTok did not respond directly to Sunday’s Times report, but said that with “reference to the rumors circulated today about ToTok,” the one goal of the app’s creators was to create a reliable, easy-to-use communications platform. The post said ToTok had highsecurity standards to protect user data.