Security Experts:

Google Removes Mideast Android App ToTok

For the second time within two months, Google has removed United Arab Emirates-developed messaging application ToTok from Google Play.

At the end of December, the popular mobile application was removed from both the Google Play marketplace and Apple's App Store, after The New York Times reported that the UAE government was using it to spy on users. 

Specifically, the software was reportedly allowing UAE to listen to conversations, track user movement, and access other information of people who had ToTok installed on their devices. 

At the time, Apple said the app was pulled pending a review, while Google said it removed it for a policy issue. 

By the end of December, the UAE’s Telecommunications Regulatory Authority denied the spying allegations, saying that such behavior was prohibited by law. 

Roughly a week later, after the Internet search giant concluded their investigation, ToTok was back on Google Play with a series of update. 

ToTok is no longer available in Google Play, as the Internet search giant removed it again on February 14, TechCrunch says. The application is not available in Apple’s App Store either. 

While analyzing the application, Objective-see security researcher Patrick Wardle discovered that it requested a variety of permissions that were supposedly needed for legitimate purposes, as one would expect from a messaging app, but also that it was engaging in some not so straightforward activity. 

The researcher observed that, after installation, the app would attempt to upload all of the user’s contact list to a specific site, that it uploads media files to its servers in encrypted form, and that it also sends out the user’s exact location, if authorized to access it. 

Additionally, Wardle discovered that ToTok was largely composed of code from YeeCall. The code reuse is not surprising, especially since the app’s publisher, Breej Holding Ltd, is reportedly connected to Abu Dhabi-based cyber-intelligence and hacking firm DarkMatter

SecurityWeek has contacted Google for clarification on why ToTok was removed from the mobile application store, but had not received a reply at the time of publication.

Related: UAE Denies Developing Popular Mideast App as Spy Tool

Related: Popular Mideast App Accused of Spying Back on Google Play

Related: Popular Mideast App Pulled After Report it Was Spying Tool

view counter