Everything transpires online in modern times, and anyone who wants to spy on people will find it to be easier than ever before. Governments, both the United States and abroad, love spying on their people. Many people download apps without checking their permissions or learning exactly what those permissions entail, entirely failing to investigate the app’s creator. This leaves gaping holes for spies and bad actors to find their ways into our lives, observing our digital footprints and collecting data on us.
Recently, a popular chat app launched by a company based out of the United Arab Emirates proved to be a bit more than its users were bargaining for. Many people who live in countries where most apps and conversation tools are restricted found that they were able to use ToTok, the app in question. When things seem too good to be true, it’s likely that they are.
What is ToTok?
ToTok was billed as an alternative to Skype, WhatsApp, and other popular chat and video call services. It quickly became widely used on nearly every continent, even briefly becoming one of the most downloaded apps in the United States. What users didn’t know is that the app itself was designed to record nearly everything that transpired on the device where it was installed. Pictures, calls, texts, locations, and even sounds the device was exposed to were recorded and stored. All of this information went directly to the government of the United Arab Emirates.
Traditionally, surveillance on private citizens is performed by government backed hacking groups. Simply hiding these spy tools in a popular and useful app allowed for automation of surveillance. Rather than having to manually identify journalists, critics, dissenters, or members of protest groups, the app caught everyone. Data was sent and stored to the government who could then analyze and interpret it in any way they desired.
How the Holes Were Discovered
Numerous cybersecurity experts examined the app, finding that the company responsible for development appeared to be a front. Breej Holding appears to be a thin veil for DarkMatter, a hacking firm that employs former government cybersecurity officials and experts from countries like the United States and Israel. The FBI placed DarkMatter on a watchlist some years ago, and technically maintains an open investigation into their activities.
The discovery of the association between the app’s developer and the known hacker collective lead researchers to probe the app’s permissions and behaviors, finding its complex storage system and data collection processes.
Researchers later came to find that the same building that houses the app’s developer also houses a company called Pax AI, a data mining firm with ties to DarkMatter. It is likely that the app company is utilizing Pax AI’s technology to interpret the data collected via the spy app.
All companies involved have declined to comment or failed to respond to contact attempts. Google and Apple were made aware of the threat posed by ToTok, with both stores eventually removing the app for purchase. Google claims that the app violated policy, and Apple claims they’re continuing to research the matter. Users who have not uninstalled the app are still vulnerable.
The UAE, Spying, and National Security
The United Arab Emirates was never considered a threat to national security. In fact, the current administration heavily relies on the UAE as an ally in the middle east. In a region of the world where so many important relationships have fractured or entirely dissolved, The United States’ relationship with the UAE is a crucial political strategy. The spy app seems to have been targeted to users in Arabic countries, with American users merely being caught in the crossfire.
Many popular chat apps, like Skype and WhatsApp, have been banned or modified in the UAE to limit their functionality. The government attempts to control and limit the narrative. This is likely what brought about ToTok. It was alluring because it appeared to be an available app that wasn’t restricted in its functionality, inspiring a massive amount of downloads in an area of the world where such a thing is rare. Many of the users did not realize the overwhelming catch that came with the download.
The UAE has a long history of spying on its citizens. Although the country bills itself as being a free and modern Arabic nation, the government still does not take kindly to dissent. In the past, journalists and bloggers have been kept in solitary confinement over the content of their social media posts. Western journalists criticizing the ruling family have been hacked by sources inside UAE, and others have had their bank accounts mysteriously turn up drained after publicly expressing displeasure with the political state of the UAE.
Are There Any Other Spy Apps?
Spy apps pop up in the Play Store and the App Store all the time. Recently, China as caught utilizing an app disguised as a learning app about the history of the country as a spy tool to essentially take ownership of its user’s phone. The app granted itself every possible permission behind the backs of its users, recording every move and storing every piece of data.
Before downloading an app, always research the app’s developer. Developers without a strong reputation or reliable evidence of legitimacy online should always be regarded as suspicious. Every app you download can access your personal information – some more than others. If you cannot verify the developer’s credibility, it’s best to assume that an app is unsafe.
Technically, Most Apps Are Spy Tools
Almost every app on your smartphone, especially your social media apps, require a lot of information from you. They often store that data, with many of them sharing or selling data to other companies. There is often a long list of affiliates who can in some way have access to your information, whether that information is basic demographics or every message you send through that app. Unless your communication tools are encrypted, it’s safe to assume that everything you communicate through that app can be accessed by a third party.
Protecting Yourself Online
Hackers and data thieves are everywhere. One of the best ways to keep yourself safe online is to connect solely via a VPN connection and to utilize private encrypted email services when sending important, confidential, or sensitive information electronically. TorGuard VPN offers users with the highest level of anonymity and protection, and PrivateMail allows users to securely exchange emails protected with OpenPGP encryption. Make sure you aren’t leaving yourself vulnerable – technology has become a playground for hackers and spies alike.