Many popular apps have been accused of spying on their users at some point. A few of them try to extract data for commercialization, and others could be used simply to spy for governments.
Recently, ToTok (not to be confused with TikTok), a messaging app that is quite popular in the United Arab Emirates (UAE), has been alleged to be a platform that UAE intelligence officials use to spy on the country's citizens. The ToTok chat app is backed by Breej Holding, which is a front firm affiliated with DarkMatter, an Abu Dhabi-based cyberintelligence and hacking firm.
Disguised as a secure app, ToTok has been taken down from both the Google Play Store and the Apple App Store.
According to a New York Times report, “ToTok messaging app is used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones.”
After doing a deep analysis of ToTok, Patrick Wardle (a security researcher at Jamf) stated that “ToTok, simply does what it claims to do…and really nothing more. Assuming the claims that ToTok is actually designed to spy on its users, this “legitimate” functionality of the app, is really the genius of the whole mass surveillance operation: no exploits, no backdoors, no malware, …again, just “legitimate” functionality that likely afforded in-depth insight in a large percentage of the country’s population.
…hooray! Now you have access to users’ address books, chats, location and more, in a completely “legitimate”, Apple-approved manner!”
After thanking everyone for making ToTok the #1 trending app in the UAE, the company released the following official statement:
“Furthermore, we equipped ToTok with such high-security standards as AES256, TLS/SSL, RSA, and SHA256, to diligently protect the user data. We also implemented a privacy framework that complies with the local and international legal requirements to safeguard our users at all times.
As the ToTok momentum continues to grow, some new users have notified us they are unable to download our app in Google Play Store and Apple App Store.
Indeed, ToTok is temporarily unavailable in these two stores due to a technical issue. While the existing ToTok users continue to enjoy our service without interruption, we would like to inform our new users that we are well engaged with Google and Apple to address the issue.
For our new users with Samsung, Huawei, Xiaomi and Oppo phones, ToTok is available in the phone maker’s app store. All other Android users can install the ToTok app from our official website as a temporary solution.
We have worked incredibly hard to deliver one of the best apps in the market. We promise to work even harder to enhance ToTok, with many new features that our users have requested, such as payment, news, commerce, and entertainment, in the near future.
Thank you for giving us the opportunity to serve you.”
What Apple and Google Said About ToTok:
- With reference to ToTok, Apple said on Sunday that “it is still researching ToTok.”
- A spokesperson for Google said, “We take reports of security and privacy violations seriously. If we find behavior that violates our policies, we take action.”
What Have We Learnt?
It's still unclear why tech companies aren't taking advanced steps, even after these recent blunders with the most popular apps all over the world. Why are they so lenient when it comes to detecting loopholes in approved apps that have hidden functionality to pipe data out for commercialization or spying?
For now, the best you can do is uninstall the ToTok messaging app and tell others to do the same so that no more users are affected.
We Are Listening
Do you also think there must be an advanced process to check these apps regularly so that all loopholes can be taken care of? Don't the App Store and the Play Store have a process to inspect apps that are added to their stores for download?
Share your thoughts in the comments below: what do you think about these kinds of blunders, which take away a user's trust in an app he/she has been using for a while?