Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Google Removes Mideast Android App ToTok

For the second time within two months, Google has removed United Arab Emirates-developed messaging application ToTok from Google Play.

For the second time within two months, Google has removed United Arab Emirates-developed messaging application ToTok from Google Play.

At the end of December, the popular mobile application was removed from both the Google Play marketplace and Apple’s App Store, after The New York Times reported that the UAE government was using it to spy on users. 

Specifically, the software was reportedly allowing UAE to listen to conversations, track user movement, and access other information of people who had ToTok installed on their devices. 

At the time, Apple said the app was pulled pending a review, while Google said it removed it for a policy issue. 

By the end of December, the UAE’s Telecommunications Regulatory Authority denied the spying allegations, saying that such behavior was prohibited by law. 

Roughly a week later, after the Internet search giant concluded their investigation, ToTok was back on Google Play with a series of update. 

ToTok is no longer available in Google Play, as the Internet search giant removed it again on February 14, TechCrunch says. The application is not available in Apple’s App Store either. 

Advertisement. Scroll to continue reading.

While analyzing the application, Objective-see security researcher Patrick Wardle discovered that it requested a variety of permissions that were supposedly needed for legitimate purposes, as one would expect from a messaging app, but also that it was engaging in some not so straightforward activity. 

The researcher observed that, after installation, the app would attempt to upload all of the user’s contact list to a specific site, that it uploads media files to its servers in encrypted form, and that it also sends out the user’s exact location, if authorized to access it. 

Additionally, Wardle discovered that ToTok was largely composed of code from YeeCall. The code reuse is not surprising, especially since the app’s publisher, Breej Holding Ltd, is reportedly connected to Abu Dhabi-based cyber-intelligence and hacking firm DarkMatter

SecurityWeek has contacted Google for clarification on why ToTok was removed from the mobile application store, but had not received a reply at the time of publication.

Related: UAE Denies Developing Popular Mideast App as Spy Tool

Related: Popular Mideast App Accused of Spying Back on Google Play

Related: Popular Mideast App Pulled After Report it Was Spying Tool

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.