For the second time within two months, Google has removed United Arab Emirates-developed messaging application ToTok from Google Play.
At the end of December, the popular mobile application was removed from both the Google Play marketplace and Apple’s App Store, after The New York Times reported that the UAE government was using it to spy on users.
Specifically, the software was reportedly allowing UAE to listen to conversations, track user movement, and access other information of people who had ToTok installed on their devices.
At the time, Apple said the app was pulled pending a review, while Google said it removed it for a policy issue.
By the end of December, the UAE’s Telecommunications Regulatory Authority denied the spying allegations, saying that such behavior was prohibited by law.
Roughly a week later, after the Internet search giant concluded their investigation, ToTok was back on Google Play with a series of update.
ToTok is no longer available in Google Play, as the Internet search giant removed it again on February 14, TechCrunch says. The application is not available in Apple’s App Store either.
While analyzing the application, Objective-see security researcher Patrick Wardle discovered that it requested a variety of permissions that were supposedly needed for legitimate purposes, as one would expect from a messaging app, but also that it was engaging in some not so straightforward activity.
The researcher observed that, after installation, the app would attempt to upload all of the user’s contact list to a specific site, that it uploads media files to its servers in encrypted form, and that it also sends out the user’s exact location, if authorized to access it.
Additionally, Wardle discovered that ToTok was largely composed of code from YeeCall. The code reuse is not surprising, especially since the app’s publisher, Breej Holding Ltd, is reportedly connected to Abu Dhabi-based cyber-intelligence and hacking firm DarkMatter.
SecurityWeek has contacted Google for clarification on why ToTok was removed from the mobile application store, but had not received a reply at the time of publication.
Related: UAE Denies Developing Popular Mideast App as Spy Tool
Related: Popular Mideast App Accused of Spying Back on Google Play
Related: Popular Mideast App Pulled After Report it Was Spying Tool

More from Ionut Arghire
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
- Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Adobe Inviting Researchers to Private Bug Bounty Program
- Critical Vulnerabilities Found in Faronics Education Software
Latest News
- Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
