UPDATE: Totok is back on the Google Play Store even after being flagged as a spy tool for the UAE. It had been removed from the Google Play Store and the Apple App Store. In the What’s New section, ToTok says its more explicit in what data they collect now.
https://twitter.com/josephfcox/status/1214261961367736321
In case you had any reservations about the shortcomings of a user protection system that is based on combating "deception" https://t.co/ApkZCb45Cl
— Amie Stepanovich (@astepanovich) January 6, 2020
This is just one step removed from "we steal your data, but as long as we notify you we're stealing from you, it's cool…" https://t.co/yG5aPyseDc
— Jake Williams (@MalwareJake) January 6, 2020
https://twitter.com/Bing_Chris/status/1214217304248082434
ToTok is a messaging app popular on the Google Play Store and Apple App Store. US intelligent officials are saying the app may likely be a spy tool that sends data from users to the government of the United Arab Emirates. the app has been downloaded by hundreds of thousands of users and its advisable to delete it right now.
TokTok was removed from the Google Play Store and Apple App Store on Thursday and Friday this past week respectively but the app still kept working for users who have already downloaded it. The app offers free unlimited voice, video calling and messaging to anyone with an internet connection to stay connected with family and friends around the world and has received lots of positive reviews especially from the UAE where other messaging apps have been blocked or don’t have these features and you have to use a VPN – this fact alone should have raised eyebrows.
ToTok claims it was removed from the Apple and Google stores for a “technical issue.” It was removed because of our story: https://t.co/xCNqD0EGhH pic.twitter.com/flXDhsiWst
— Nicole Perlroth (@nicoleperlroth) December 23, 2019
Although Google Play Store and Apple’s App Store ensure apps on its platforms aren’t malicious, some manage to slip through. It’s even worse when the apps are surveillance tools.
This is really really really bad. “It has access to users’ microphones, cameras, calendar and other phone data.” Basically, spyware… https://t.co/vqrATwdLhZ
— John Panzer (@[email protected]) 🏅 (@jpanzer) December 22, 2019
The messaging app says that it’s a “fast and secure calling and messaging app,” but on close inspection – it doesn’t talk about end-to-end encryption which is a feature that protects data from prying eyes at all times except on authorized users’ devices.
If the UAE is such a stable/moderate/liberal/tolerant (bla, bla, bla) political system — that US officials frequently cite as a model for the Arab world — why does have to go to such extreme lengths to monitor its own citizens? https://t.co/Q2Xn3g1pZB @sarahleah1 @JamalsNews
— Nader Hashemi (@naderalihashemi) December 23, 2019
“When you start analyzing an app like this you expect to find a backdoor or some zero-day exploits. But the more I think about it, this is actually a more elegant approach, which is just leveraging completely legitimate functionality. What that gives you is a very cost-effective, easy way to gain a ton of information on people,” says Patrick Wardle, a security researcher at Jamf specialized in Apple operating systems who formerly worked at the National Security Agency in his technical analysis of ToTok.
State sponsored mass data abuse camouflaged by all the regular commercial mass data abuse hidden in everyday apps #DeleteToTok https://t.co/Dpzln1Hb5e pic.twitter.com/zgAgBSsuIm
— David Carroll 🦣 (@profcarroll) December 23, 2019
“The problem is where’s the data going and who has access to it? And those are very, very hard questions to answer. There’s a large amount of plausible deniability, which is why it’s a no-brainer approach to gain a high degree of surveillance. I’m not saying it’s good or ethical, but if other countries aren’t doing this, from their point of view they should,” Wardle continues in Wired.
I’ve been thinking for awhile that we will likely come to see this time in history as a world war. We’re in a cyberpunk timeline now https://t.co/fc255H0t1l
— Brooke Binkowski (@brooklynmarie) December 22, 2019
Read the New York Time article about the app here.