Fact-checked by Grok 2 weeks ago

ToTok

ToTok was a mobile messaging and Voice over IP (VoIP) application developed by Breej Holding Ltd., an Abu Dhabi-based entity with ties to United Arab Emirates intelligence structures, and launched in August 2019 as the first such app officially permitted in the UAE. Designed with an interface mimicking WhatsApp to facilitate free text, voice, and video communications, it rapidly attracted over two million users within two months, primarily expatriates and residents in the Gulf region seeking alternatives amid restrictions on foreign apps. The app's aggressive promotion through UAE state media and incentives like free data helped it achieve widespread adoption in countries including Iran, Saudi Arabia, and Egypt. In December 2019, a New York Times investigation citing classified U.S. intelligence assessments revealed ToTok as a UAE government surveillance instrument capable of capturing users' full conversations, locations, contacts, and media without consent, leading Apple and Google to promptly delist it from their stores. Subsequent analysis of its opaque corporate veil exposed links to Abu Dhabi ruling family members involved in cyber operations, underscoring its role in state-sponsored digital espionage rather than commercial innovation.

Origins and Development

Launch and Initial Context


ToTok was launched in August 2019 by Breej Holding Ltd., a company registered in the Abu Dhabi Global Market free zone, with underlying development by G42, a UAE-based artificial intelligence firm. The app was introduced amid longstanding restrictions on unlicensed Voice over Internet Protocol (VoIP) services in the UAE, where voice and video calling features on popular applications such as WhatsApp, Skype, Facebook Messenger, and Google Duo had been blocked since 2017 to protect national telecom revenues and security interests. As the first , government-approved VoIP messaging app, addressed a significant market gap by allowing seamless voice and video calls over local without requiring users to employ prohibited virtual private networks (VPNs). The Telecommunications and Digital Government Regulatory Authority (TDRA, formerly TRA) had approved a number of licensed VoIP providers prior to ToTok, but these were typically paid services like BOTIM; ToTok's model distinguished it, filling demand in a with stringent controls on internet-based communications to prevent unauthorized data flows and ensure regulatory oversight. Initial promotion emphasized 's compliance with UAE telecommunications standards and its ability to integrate directly with domestic networks, marketed through partnerships such as messages from existing paid VoIP providers encouraging switches to the free alternative. This positioning appealed to users frustrated by bans on international competitors, enabling to rapidly gain traction as a compliant solution tailored to local regulatory demands.

Technical Foundations and Developers

ToTok was developed by Group 42 (G42), an Abu Dhabi-based artificial intelligence and cloud computing company founded in 2018 with backing from the UAE government and international partners including Microsoft. The app's backend originated as an internal project called "G42 IM," constructed by adapting YeeCall, a commercial Voice over IP (VoIP) platform developed by the Chinese firm Shenzhen YuanLi Technology. This foundation prioritized engineering for high scalability, enabling handling of concurrent sessions across mobile networks in bandwidth-constrained environments typical of the Middle East, with support for group messaging, file sharing, and real-time audio/video transmission via standard protocols such as Session Initiation Protocol (SIP) for call setup and Real-time Transport Protocol (RTP) for media streams. G42's involvement extended to infrastructure optimization, leveraging its expertise in AI-driven for load balancing and efficiency, though detailed implementation specifics for were not publicly disclosed beyond general VoIP practices. The app's incorporated modular components for cross-platform compatibility on and , with backend services managed through entities like Breej Holding Ltd., a UAE-registered firm linked to G42, facilitating rapid deployment and updates. operations were anchored in UAE-based centers, which supported low- performance for regional users by minimizing cross-border routing, a design choice aligned with local infrastructure like and du networks. This setup demonstrated effective causal for VoIP reliability in areas with regulatory VoIP restrictions, achieving sub-100ms in tests within the Gulf region prior to its 2019 removal from app stores. Public documentation from developers asserted basic for messages and calls, but lacked verifiable audits or details such as mechanisms, distinguishing it from open-standard implementations in apps like Signal. No evidence of novel proprietary algorithms emerged; instead, the merits rested on pragmatic adaptations of established VoIP stacks for mass deployment, including to handle variable 3G/4G connections prevalent in target markets. Co-development credits included figures like Ziani, who collaborated via G42 networks, focusing on and feature integration rather than core design. Overall, the foundations emphasized cost-effective over cutting-edge , reflecting G42's broader in applied for rather than bespoke secure communications.

Core Features and Technical Details

Messaging and VoIP Capabilities

supported one-on-one and group , enabling users to exchange instant messages within chats accommodating up to 10,000 participants. It included features such as voice messages, stickers, GIFs, emojis, and status updates to enhance communication expressiveness. The app integrated seamlessly with users' phone contacts, facilitating easy onboarding by automatically suggesting and syncing connections from address books upon installation. For (VoIP) functionality, provided unlimited free high-definition audio and video calls between individuals, optimized for internet connectivity without additional charges beyond data usage. Group VoIP capabilities extended to conference calls supporting up to 20 participants simultaneously, including video feeds with options like retouch filters for improved visual quality. These calls were designed to function reliably in environments with VoIP restrictions, such as certain Middle Eastern countries where competing services faced blocks, by leveraging approved network pathways. File sharing within ToTok encompassed photos, videos, documents, locations, contacts, and other files, with support for various formats to accommodate diverse user needs during chats or calls. The platform emphasized mobile data efficiency through its lightweight design, allowing sustained use in areas with variable connectivity, though specific bandwidth metrics were not publicly detailed by developers. This combination of features positioned ToTok as a versatile alternative for real-time communication where traditional VoIP apps were unavailable.

Data Handling and Security Claims

ToTok marketed itself as a "fast and secure" messaging application, asserting that and calls were "strongly encrypted" to block unauthorized access by malicious parties, with messages stored securely on its servers. The app's outlined collection of extensive user data, including account details (such as phone numbers and usernames), device information (like addresses, operating system versions, and identifiers), contacts synced from the user's , precise location data derived from GPS and sources, and usage patterns (including timestamps and interaction logs), ostensibly to enhance functionality, personalize experiences, and prevent abuse. This data aggregation was framed as necessary for operational efficiency, such as enabling features like contact discovery and proximity-based connections, but occurred without mechanisms for core sharing. The encryption protocol employed proprietary methods, with the policy claiming "heavy encryption" of stored messages to shield contents from local engineers or server physical access, yet it explicitly avoided assertions of (E2EE), a standard feature in apps like or Signal that ensures only sender and recipient can decrypt communications. No evidence exists of independent third-party audits verifying these encryption claims or assessing vulnerability to interception; reliance on closed-source protocols raised inherent risks of uninspected backdoors or weak implementations, as proprietary systems lack the transparency of open-source alternatives subjected to community scrutiny. Data processing occurred under servers hosted in the , subjecting all collected information to UAE legal , where authorities can compel disclosure without public oversight or user notification, as per federal data protection laws that prioritize exemptions. The policy permitted sharing with affiliated group companies, service providers, and potentially government entities for , amplifying exposure in a centralized that streamlined app performance but created single points of failure for bulk access requests. This setup, while enabling scalable features like group calls and media sharing, fundamentally traded distributed models for state-proximate control, rendering user data susceptible to compelled handover in non-transparent regimes absent robust legal safeguards.

Rise to Popularity

Adoption Metrics and Growth

ToTok achieved rapid adoption shortly after its mid-2019 launch, accumulating 7.9 million downloads across the iOS App Store and by December 2019, according to app analytics firm Apptopia. This marked a surge from 2 million downloads within its first two months of availability, as reported by a company cofounder. The app's ascent was fueled by regulatory permission in the UAE, where authorities had blocked voice and video calling features on competing services like , , and Messenger since 2017, creating a void filled by ToTok as the first compliant free VoIP option. Peak engagement reached nearly 2 million daily active users by late , concentrated in the , where ToTok consistently ranked among the top and communication apps in UAE and regional charts. Growth occurred organically through user recommendations and network effects, absent evidence of significant paid , amid limited local alternatives for unrestricted calling. Expansion beyond the UAE included endorsements from , which promoted ToTok via ads targeting Chinese users, facilitating downloads through its app ecosystem despite no confirmed pre-installation. This regulatory edge and practical utility drove , with the app achieving top-50 status in U.S. rankings as secondary spillover.

Regional User Base and Appeal

ToTok primarily attracted users in the , where it was downloaded by millions of smartphones, serving as a key alternative in a market with stringent restrictions on Voice over Internet Protocol (VoIP) services. These restrictions, enforced by telecom regulators, blocked voice and video calling features in dominant apps such as and , positioning ToTok as an accessible option for seamless, cost-effective communications without requiring workarounds like virtual private networks. The app's demographic core consisted of UAE residents and the country's large expatriate community, who relied on it for family connections and business dealings across borders, particularly in regions where international calling costs were prohibitive. Its appeal extended to other states with analogous VoIP limitations, fostering high adoption for everyday interactions in environments prioritizing controlled digital access over unrestricted global platforms. Internationally, saw incremental growth among smartphone users in and the , bolstered by promotional endorsements from in advertisements that highlighted its compatibility and features. This integration with widely used devices in censored or regulated networks enhanced its utility for cross-regional expatriate networks, though the UAE remained its dominant base as of late 2019.

Surveillance Allegations

Exposure of Spyware Functionality (December 2019)

On December 22, 2019, published a report revealing that , a messaging application popular in the , functioned as a tool enabling extensive by UAE authorities. The disclosure stemmed from briefings by U.S. intelligence officials, who assessed that the app granted UAE intelligence agencies access to users' private messages, location data, social connections, and other personal information, including audio and visual content from device microphones and cameras. These officials described ToTok as part of a broader UAE strategy to build digital capabilities, surpassing previous efforts like an earlier app iteration shut down around 2018 after similar detection. The U.S. evaluation highlighted ToTok's design features, which facilitated granular tracking without user consent, such as mapping users' relationships through call logs and message metadata. This assessment was corroborated by independent cybersecurity analyses following the app's rapid removal from the and on December 22, 2019, which confirmed the app's embedded mechanisms for aligned with the intelligence findings. Prior to ToTok, UAE-linked developers had refined their approach after the 2018 takedown of a predecessor application with comparable spying attributes, iterating to evade detection while expanding user permissions for location, contacts, and media access. Reverse-engineering efforts by security researchers post-removal verified that ToTok's included server-side endpoints configured for real-time transmission of user data to UAE-controlled , underscoring the app's intentional architecture beyond standard messaging functions. These technical confirmations aligned with the U.S. briefings, establishing the exposure as grounded in empirical code inspection rather than speculative claims.

Alleged Surveillance Mechanisms and Scope

U.S. assessments indicated that ToTok contained backdoors enabling the of messages in , without , by communications through servers controlled by UAE entities. The app also accessed device microphones and cameras to capture audio and visual data, including ambient sounds and images, leveraging permissions granted under the guise of standard messaging features. occurred through collection of contacts, relationships, and interaction patterns, allowing reconstruction of social graphs and movements via location data fused with and appointment information. These mechanisms operated continuously in the background, exploiting VoIP and messaging protocols to harvest data en masse, with no barriers to government access as claimed by developers but contradicted by findings. Technical analysis of the version revealed extensive permission requests for photos, contacts, and integration, facilitating broad device profiling beyond typical app needs. The scope encompassed millions of users worldwide, with data funneled to UAE units, including profiles of dissidents, journalists, critics, and foreign nationals in the UAE, as well as monitoring of regional adversaries and suspected criminal or terrorist networks. By late , ToTok had achieved over four million downloads in the U.S. alone, amplifying the potential reach into expatriate communities and diplomatic circles amid the UAE's strategic interests in a geopolitically unstable . This scale reflected deliberate deployment to gather actionable intelligence on threats to regime stability, prioritizing state security imperatives over individual privacy.

Government Involvement and Intelligence Ties

ToTok was developed by Group 42 (G42), an Abu Dhabi-based firm with close ties to the government, including oversight from Tahnoon bin Zayed Al Nahyan, the UAE's National Security Advisor and a key figure in the country's intelligence apparatus. G42's involvement extended to the app's core infrastructure, originally branded as "G42 IM" and built on code from the Chinese messaging application YeeCall, with corporate entities such as Breej Holding Ltd and ToTok Technology Ltd registered in the and directed by associates of Tahnoon, including his adopted son and personal PR manager. The app's creation aligned with UAE state priorities under Tahnoon's influence, who has directed intelligence operations involving cyber s for , including prior acquisitions of from firms like via affiliated entities. American assessments, as reported in December 2019, identified ToTok as a deliberate of Emirati , connected to the UAE's and designed to harvest user data such as conversations, locations, relationships, and media for state analysis. ToTok's technical backbone linked to Pax AI, a G42-affiliated data-mining division with roots in , an cyberintelligence firm that employed Emirati intelligence officials, former personnel, and ex-Israeli military operatives—personnel profiles akin to those in Israeli spyware developers like . , under FBI scrutiny for potential cybercrimes, facilitated the app's data pipeline, reflecting UAE partnerships with international expertise to bolster domestic surveillance capabilities against perceived extremism and security threats. This structure enabled data collection beyond UAE citizens, encompassing millions of global downloads, consistent with the government's broader cyber doctrine prioritizing preemptive monitoring of adversaries, criminals, and terrorists.

Responses and Immediate Aftermath

App Removal from Stores

and removed from their respective app stores on December 23, 2019, shortly after a Times revealed its alleged surveillance features. The Store had recorded over five million downloads prior to the removal, with significant usage in the UAE and other , abruptly halting new installations and limiting further proliferation of the app. Existing installations on user devices continued to operate temporarily after the store removals, allowing millions of affected users—primarily in the —to access the app's messaging and VoIP functions until manual uninstallation or potential backend changes. This persistence meant that devices with prior downloads remained potentially exposed to mechanisms, even as platform actions curbed additional spread. The shutdown sequence thus contained the app's but did not immediately neutralize risks for legacy users, prompting widespread manual removals amid concerns.

Official Denials and Developer Statements

The ' Telecommunications and Digital Government Regulatory Authority (TDRA) issued a statement on December 28, 2019, denying that the government developed as a tool, asserting instead that the app was a product of a private company and not intended for spying on users. This denial emphasized the app's commercial origins without addressing potential utility for foreign targets, aligning with broader state practices where security tools are often framed as legitimate for national defense rather than domestic overreach. ToTok's co-creator, in a January 2, 2020, , defended the app as a "private, politically neutral startup venture," rejecting allegations of functionality and attributing suspicions to misinterpretations of standard data practices common in messaging applications. He maintained that operated without government directives for , positioning it as a legitimate competitor to apps like amid regional VoIP restrictions. G42, the UAE-based firm identified as 's developer, issued no public statements addressing the claims or technical specifics, maintaining silence even as the app faced global scrutiny. The developers released no transparency reports on data handling, nor did they pursue legal action against media outlets or researchers alleging elements, such as those detailed in forensic analyses. Following the app's removal from major stores on December 22, 2019, received no further updates or official support, effectively abandoning the project without rebuttals to ongoing technical critiques or user concerns. This lack of engagement underscores a pattern where state-linked tools prioritize operational discretion over public accountability, akin to acknowledged programs like the U.S. Agency's , which collected communications under legal warrants for while denying indiscriminate domestic spying.

Broader Implications and Debates

vs. Privacy Rights

The allegations ignited debates over balancing imperatives with individual privacy rights, particularly in high-threat environments like the UAE, where regional and geopolitical tensions necessitate robust intelligence capabilities. UAE authorities have prioritized , partnering with the US-led Global Coalition to Defeat and advancing domestic efforts against financing and in 2022. Proponents of such tools argue that mechanisms, if effective, enable proactive threat detection amid persistent risks from groups like affiliates, which have targeted ; however, no publicly verified evidence attributes specific ToTok-derived intelligence gains to these outcomes, with UAE officials denying functionality and framing data practices as standard for enhancement. Critics contend that facilitated warrantless mass data hoarding—capturing conversations, locations, relationships, and media from over 32 million downloads—eroding without and enabling potential abuses against dissidents or expatriates. This approach, reliant on opaque assessments from officials rather than transparent oversight, exemplifies absolutism concerns: even voluntary app adoption does not justify hidden backdoors that undermine encrypted communication norms, fostering distrust in digital platforms globally. Realist counterviews highlight causal trade-offs, noting users explicitly opted in via downloads and permissions for , , and contacts , often in contexts where UAE restrictions on apps like incentivized local alternatives without coercion. In volatile regions, absolute can impede , as evidenced by the app's rapid adoption among users presumably tolerant of state-linked tools; media portrayals, drawing from Western intelligence sources, may amplify fears while underemphasizing user agency and the UAE's allied role in , though empirical erosion remains a verifiable outcome through subsequent app bans and scrutiny.

Comparisons to Other Surveillance Tools

ToTok exemplifies a category of state-influenced messaging applications that achieve widespread adoption to facilitate broad-spectrum , akin to China's , where government oversight enables real-time access to user communications, locations, and graphs for millions of daily exceeding 1.3 billion as of 2023. In both cases, the apps blend essential and economic functions—WeChat with integrated payments and mini-programs, with voice/video calling—to mask data extraction, a tactic prevalent in regimes prioritizing security over individual privacy. UAE developers explicitly modeled 's ambitions on 's ecosystem, aiming for similar ubiquity in the Gulf region to normalize pervasive monitoring. In contrast to targeted spyware like Israel's , which deploys zero-click exploits to infiltrate specific devices—documented in over 50,000 infections worldwide by 2021, primarily against journalists, activists, and politicians— pursued mass collection through organic popularity and regulatory favoritism in the UAE, amassing over 35 million downloads by late 2019 without needing covert implantation. , sold commercially by to governments including the UAE for high-value operations, enables granular control like microphone activation and message interception on individual targets, costing up to $10 million per campaign, whereas 's approach leveraged voluntary uptake for scalable, low-cost intelligence gathering across expatriate and domestic populations. This distinction highlights 's reliance on a "" model—promoted via incentives and visibility—over 's stealthy, resource-intensive targeting, though UAE entities linked to both, such as DarkMatter (later G42), integrated them into complementary surveillance arsenals. Commercial Western platforms, such as Meta's and , harvest analogous volumes— processing over 2.9 billion monthly users' interactions, locations, and for by 2023—but primarily for profit-driven rather than state-directed , with disclosures showing 71,000 U.S. requests in the first half of 2023 alone. Unlike or , where state ownership or mandates ensure unfettered access without warrants, Western firms operate under legal frameworks requiring judicial oversight in democracies, though critics argue compliance thresholds enable indirect creep; the key risk amplification in state-backed tools stems from absent and integration with apparatuses, enabling proactive rather than reactive . This pattern underscores that while commodification is universal, authoritarian deployment transforms utility apps into instruments of total societal oversight, a dynamic less feasible in profit-oriented ecosystems subject to market and regulatory pressures.

Long-Term Impact on UAE Digital Policy

The ToTok prompted no substantive amendments to UAE or data protection laws, with the Telecommunications and Digital Government Regulatory Authority (TDRA, formerly TRA) affirming in December 2019 that pre-existing regulations already barred unauthorized data access and mandated compliance with international privacy benchmarks. This stance reflected continuity in a framework prioritizing , where VoIP and messaging applications require TDRA licensing for legal operation, restricting unlicensed international alternatives like calls and channeling users toward approved local options. Post-exposure, the UAE sustained its policy of endorsing domestically aligned apps under enhanced regulatory scrutiny, with successors such as Botim—licensed by the TDRA and integrated with telecom providers like and du—filling the void left by ToTok's removal from app stores. These platforms, often subsidized via calling credits, maintain market dominance in a VoIP where unlicensed services face blocks, ensuring government-vetted alternatives prevail without relaxing oversight. Forensic assessments of similar Gulf-promoted apps, including those in the UAE, have since highlighted persistent vulnerabilities, such as extensive data logging over , yet policy adaptations focused on licensing rigor rather than enhancements. User responses evidenced growing wariness of state-linked applications, correlating with a marked rise in VPN adoption to circumvent restrictions and bolster perceived security; downloads of VPN apps among UAE residents hit 6.1 million in , up 1.83 million from , amid ongoing blocks on global services. While VPNs are legally tolerated for legitimate use, statutes impose fines up to 2 million for misuse, such as accessing prohibited content, underscoring that the scandal amplified circumvention tactics without prompting policy liberalization. Ultimately, the incident fortified the UAE's security-centric digital governance model, where integration into approved tools faced global rebuke but yielded no domestic recalibration; instead, it entrenched tighter app vetting and promotion of compliant ecosystems, minimally disrupted by external pressures. This evolution prioritized operational continuity over privacy concessions, as evidenced by the persistence of data-heavy local apps into 2025.

Post-2019 Developments

Discontinuation and Legacy

ToTok ceased operations effectively by early 2020, following its repeated removals from major app stores amid surveillance allegations. After an initial delisting from Google Play on December 19, 2019, and the Apple App Store on December 22, 2019, the app briefly reappeared on Google Play on January 3, 2020, before being permanently removed on February 15, 2020. Installed instances continued functioning for existing users post-removal, but no updates or official support were provided thereafter, rendering the app obsolete as servers likely went offline. The app's was never released publicly or open-sourced, which has constrained independent forensic examinations of its alleged mechanisms. Developers, linked to UAE-based entities, maintained control over the , reportedly adapted from a app called YeeCall, precluding detailed reverse-engineering by external researchers beyond surface-level analyses and network traffic observations. This opacity has left key questions about implementation—such as the extent of mandatory data uploads to UAE servers—unresolved in peer-reviewed technical studies. In its aftermath, ToTok exemplifies the dual-edged nature of state-sponsored messaging applications: capable of amassing vast user data for intelligence purposes while proving vulnerable to journalistic exposure and platform enforcement. Prior to shutdown, it demonstrated practical utility as a voice and video calling tool, particularly in regions with restricted access to competitors like , evidenced by millions of downloads and user reports of reliable performance for social connections. Yet its rapid collapse post-revelation underscores the fragility of such tools against public scrutiny and app store policies, serving as a reference for subsequent analyses of covert digital surveillance infrastructures.

Recent Impersonation Campaigns (2025)

In October 2025, researchers disclosed two previously undocumented families, Android/Spy.ProSpy and Android/Spy.ToSpy, which impersonate to distribute primarily targeting users in the . ProSpy masquerades as both Signal plugins and Pro updates, while ToSpy exclusively mimics variants, exploiting the app's lingering regional popularity despite its 2019 discontinuation amid surveillance allegations. These campaigns, active since mid-2022 for ToSpy and 2024 for ProSpy, prey on privacy-conscious users seeking secure messaging alternatives, including those potentially migrating from apps like Signal to unofficial iterations. The infection vectors rely on phishing via fake websites, such as totok-pro.io and deceptive domains mimicking the Samsung Galaxy Store (e.g., store.appupdate.ai), where victims are prompted to download malicious APKs disguised as ToTok Pro enhancements or updates. These APKs require manual sideloading, bypassing official app stores, and request extensive permissions upon installation, enabling the spyware to persist through foreground services, Alarm Manager scheduling, and boot receivers. ESET identified at least five ProSpy APKs branded as ToTok Pro and four ToSpy distribution sites, with command-and-control servers remaining operational as of the firm's June 2025 detection, confirmed public in early October. Once installed, the exfiltrates sensitive data including contacts, messages, device identifiers, backups (e.g., .ttkmbackup files specific to ToTok), and files such as audio, video, images, and documents, often uploading them to attacker-controlled servers. This builds on ToTok's historical notoriety as a vector, luring users via social engineering that capitalizes on demand for "pro" features in unofficial channels, thereby amplifying success among UAE residents wary of mainstream apps but unfamiliar with the original app's risks. No attributions to specific actors were made by , though the UAE-centric focus—evident in domain registrations like .ae.net and —underscores persistent regional cyber threats to seekers.

References

  1. [1]
    ToTok cofounder's exclusive interview with Khaleej Times
    We officially launched ToTok in August 2019, when our ToTok company was set up in the ADGM Free Zone. In less than two months, we celebrated two million user ...
  2. [2]
    Malicious Life Podcast: ToTok, Part 1: How to Convince Someone to ...
    It was just a messaging app, with no features you couldn't find in other apps. Its interface was nearly identical to WhatsApp's. So what was it that made ToTok ...
  3. [3]
    It Seemed Like a Popular Chat App. It's Secretly a Spy Tool.
    Dec 23, 2019 · ToTok, an Emirati messaging app that has been downloaded to millions of phones, is the latest escalation of a digital arms race.
  4. [4]
    Google and Apple remove alleged UAE spy app ToTok - BBC
    Dec 23, 2019 · Google and Apple have removed an Emirati messaging app called ToTok amid claims that it is used for state spying. Not to be confused with ...
  5. [5]
    Malicious Life Podcast: ToTok, Part 2: The Masterminds of Mobile ...
    ToTok is hardly the UAE's first venture into spyware. It maintains a significant cyber-ops apparatus responsible for deploying even more sophisticated ...<|separator|>
  6. [6]
    Co-creator Defends Suspected UAE Spying App Called ToTok - VOA
    Jan 2, 2020 · But ToTok described itself on Apple as coming from developer Breej Holding Ltd. ... G42's sole director listed in Abu Dhabi Global Market ...
  7. [7]
    ToTok app removed from App Store, Google Play in UAE - Gulf News
    Dec 22, 2019 · Since 2017, voice and video calls using apps such as WhatsApp, Skype, Facebook, Google Duo and Messenger have been banned in the UAE.
  8. [8]
    ToTok app 'spying tool' for UAE: report – DW – 12/23/2019
    Dec 23, 2019 · In the UAE, most Voice over Internet Protocol (VoIP) apps are banned, including the likes of WhatsApp and Skype. That made ToTok an attractive ...
  9. [9]
    UAE law strictly prohibits espionage, TRA responds to ToTok ...
    Dec 27, 2019 · The TRA reiterated that VoIP apps approved in the country are subject to these standards and their implementation is monitored on an ongoing ...
  10. [10]
    Internet calls in UAE: 17 VoIP apps that are legally allowed
    Oct 31, 2022 · "If the service is not provided by a licensee or approved by TDRA, the authority urges you not to use such software/application as you are ...<|control11|><|separator|>
  11. [11]
    Messaging app ToTok is reportedly a secret UAE surveillance tool
    Dec 22, 2019 · ToTok was released on July 27, and quickly grew in popularity in the U.A.E. Other messaging apps such as WhatsApp and Skype are blocked in the ...
  12. [12]
    Android Spyware in the UAE Masquerades as ... - Dark Reading
    Oct 2, 2025 · Hackers are spreading two families of mobile spyware around the United Arab Emirates (UAE) by masking them as the ToTok app.Missing: allegations | Show results with:allegations
  13. [13]
    Android spyware campaigns impersonate Signal and ToTok ...
    Oct 2, 2025 · ToTok is developed by the UAE-based artificial intelligence company G42 and was kicked out from the Apple and Google app stores in 2019 ...
  14. [14]
    How to Build an App Like ToTok: An HD Video Call App - TechnoYuga
    May 23, 2025 · Building an app like ToTok requires strategic planning, the right tech stack, a focus on user privacy, and a seamless video calling experience.
  15. [15]
    an analysis of the ToTok app - Objective-See's Blog
    Dec 20, 2019 · It's reviews (over 32,000!) are largely positive, and mostly laud the fact that this application is not blocked in the UAE (Skype, WhatsApp, etc ...
  16. [16]
    Risks of the Microsoft-G42 Deal - American Security Project
    Jul 15, 2024 · In 2019, G42's messaging app ToTok, built off of the Chinese app Yeecall, was accused by American officials of being a spy tool for the UAE ...<|separator|>
  17. [17]
    ToTok Features – Unlimited free calling and conference calls
    ToTok offers unlimited free audio/video calls, 20-person group video calls, 10,000-person group chats, and retouch filter for video calls.Missing: VoIP capabilities
  18. [18]
    FAQ – How to use ToTok to video call and chat
    ToTok allows you to make voice and video calls, send messages, and send photos, videos, documents, location and contacts.Missing: VoIP capabilities
  19. [19]
    ToTok - Free HD Video Voice Calls APK for Android - Download
    Rating 8/10 (1,502) · Free · AndroidOct 17, 2023 · ToTok is a communication and messaging app that offers unlimited free calls as long users are connected to the Internet.Missing: text | Show results with:text
  20. [20]
    Emirati 'surveillance app' ToTok promoted by Huawei as Apple ...
    Dec 23, 2019 · That free govt-approved VoIP app that replaced all the banned encrypted chat apps ... "Stay connected anywhere, anytime with ToTok Messenger," it ...<|separator|>
  21. [21]
    ToTok APK- Features & Why It Outsmarts WhatsApp and Skype
    Oct 16, 2025 · VoIP (Voice over Internet protocol) is allowed to be used only if you are using a licensed VoIP provider. Businesses can function in ...
  22. [22]
    Safe, secure and free to use - ToTok
    On ToTok, chats and calls are strongly encrypted to prevent malicious parties from having access to your private conversations. Your messages are securely ...<|separator|>
  23. [23]
    Privacy Policy – Privacy and security, anywhere, anytime - ToTok
    This privacy policy sets out the basis on which any personal data we collect from you, or that you provide to us, through the use of our instant messaging ...Information We May Collect... · Sharing Your Personal Data · Your Rights
  24. [24]
    Privacy Policy - ToTok Messenger
    We may collect and process personal data when we provide the Services. The personal data we collect includes: Account data for the Application or other Services ...Information We May Collect... · How We Use Your Personal... · Your Rights
  25. [25]
    Uninstall This Alleged Emirati Spy App From Your Phone Now
    Dec 22, 2019 · A messaging app called ToTok had scores of positive reviews, particularly from users in the UAE. US intelligent officials say it may be spying for that ...
  26. [26]
    Top 50 Social App ToTok Outed As Spying Tool For United Arab ...
    Dec 23, 2019 · Apple and Google have removed an app American officials call a spying tool for the United Arab Emirates from the App Store and Google Play.
  27. [27]
    Here's how you can use ToTok, the free internet calling service, in ...
    Dec 22, 2019 · Since 2017, voice and video calls using apps such as WhatsApp, Skype, Facebook, Google Duo and Messenger were banned in the UAE. Supplied. 5/5.
  28. [28]
    China's Huawei Endorsed Emirati Spy App ToTok in Ads
    Dec 23, 2019 · China's Huawei endorsed an Emirati messaging app that reportedly tracked messages and photos sent by its millions of users.Missing: pre- | Show results with:pre-
  29. [29]
    Popular chat app ToTok is reportedly secret United Arab Emirates ...
    Dec 23, 2019 · A report from The New York Times has revealed that messaging app ToTok, popular in the United Arab Emirates, is in fact a government spy tool, ...
  30. [30]
    Popular chat app ToTok is actually a spying tool of UAE government
    Dec 24, 2019 · Government reportedly uses ToTok to track conversations, locations and other data of those who install the app.Missing: allegations | Show results with:allegations
  31. [31]
    NYT: Popular ToTok messaging app is secretly an Emirati spying tool
    Dec 22, 2019 · The supposedly secure messaging app ToTok is actually a spying tool being used by the government of the United Arab Emirates to mass surveil its users.Missing: exposure | Show results with:exposure
  32. [32]
    NYT report states that ToTok app is a government spy tool.
    Dec 24, 2019 · A popular mobile app in the Middle East called ToTok has been removed from both Apple and Google's online stores because it was a spy tool.
  33. [33]
    ToTok: Why Apple and Google Can't Stop Surveillance Apps - Fortune
    Dec 23, 2019 · Apple and Google removed ToTok, a chat app that has been downloaded millions of times by users worldwide, amid claims the app was a front for the government.
  34. [34]
    Apple and Google Stop Distributing ToTok Messaging App
    Dec 24, 2019 · Apple and Google have stopped distributing a messaging app called ToTok over allegations that it's a government-built surveillance tool.
  35. [35]
    UAE denies developing popular Middle East app as spy tool
    Dec 28, 2019 · UAE denies developing popular Middle East app as spy tool. After report claims ToTok allows the Emiratis to track users, telecoms authority says ...
  36. [36]
    Creator Defends Suspected UAE Spying App ToTok
    Corporate filings involving the Emirati voice and video calling app ToTok disappeared after reports alleging it was a spy tool of the UAE government. After ...
  37. [37]
    ToTok - Wikipedia
    ToTok was a messaging app and Voice over IP app, developed by G42, a UAE-based artificial intelligence company. It was the first Voice over IP app which the ...
  38. [38]
    Alleged Spy App ToTok Puts Apple in a Bind - WIRED
    Jan 8, 2020 · Apple and Google both banned ToTok after reports that it was a UAE government surveillance tool. After Google reinstated it, Apple has a hard ...
  39. [39]
    Country Reports on Terrorism 2022: United Arab Emirates
    The United Arab Emirates (UAE) advanced counterterrorism (CT) efforts in 2022 particularly in countering terrorist financing and in the international ...
  40. [40]
    The United States and UAE partner against ISIS propaganda
    Jun 7, 2021 · The Global Coalition to Defeat the Islamic State of Iraq and Syria (ISIS) toppled the group from its areas of territorial control in the Middle ...
  41. [41]
    Counterterrorism | UAE Embassy in Washington, DC
    The UAE works to confront and eradicate terrorism and extremism across the Middle East and worldwide.
  42. [42]
    Calling app ToTok used as 'spying tool' by UAE: Report - Al Jazeera
    Dec 23, 2019 · Report claims app tracks 'conversation, movement, relationship, appointment, sound and image of those who install it'.Missing: growth | Show results with:growth
  43. [43]
    Co-creator defends suspected UAE spying app called ToTok
    Jan 2, 2020 · By installing the app, users agreed to allow access to their mobile device's microphone, pictures, location information and other data. “By ...
  44. [44]
    Co-creator defends suspected UAE spying app called ToTok
    Jan 2, 2020 · He mentioned plans to have ToTok become like China's all-encompassing app WeChat, handling payments, social media posts and other high-frequency ...
  45. [45]
    UAE's TRA issues statement regarding ToTok app issue - ZAWYA
    Dec 27, 2019 · The TRA imposes strict standards to protect users privacy, which are in compliance with International standards. "The standards are strictly ...
  46. [46]
    UAE laws prohibit data breach, TRA says in response to Totok issue
    Dec 28, 2019 · The ToTok app was particularly appealing to users because it offered free calls. The TRA said all telecom apps in the UAE apply strict privacy ...Missing: approval | Show results with:approval
  47. [47]
    Which communication apps can be used in Dubai - Relocate UAE
    Oct 8, 2024 · Messengers have become an important part of life in the UAE, helping locals and immigrants establish contact. Find out how the Dubai ...
  48. [48]
    20+ Best Video Calling Apps in UAE: 2025 - Devtechnosys.ae
    Apr 28, 2025 · BOTIM is an approved VoIP and free video call app in UAE offering encrypted calls, messaging, file sharing, and group chats. Widely used for ...Missing: successor | Show results with:successor
  49. [49]
    ToTok, Baz and others: The UAE and KSA promote unsafe ...
    Jan 27, 2025 · The founding company is based in San Francisco and is deployed in the UAE. Some users suspected that Baaz was a spying tool, an allegation ...
  50. [50]
    UAE residents increase VPN downloads by 1.8 million in 2023
    Jan 18, 2024 · In 2023, UAE residents increased their downloads of virtual private network (VPN) apps by 1.83 million, reaching a total of 6.1 million, ...
  51. [51]
    UAE residents permitted to use VPNs, misuse 'is a problem', says ...
    Feb 4, 2024 · The UAE residents downloaded 6.1 million VPN apps last year, an increase of 1.83 million from the previous year.
  52. [52]
    UAE Cybersecurity Official Warns of VPN Abuse - Dark Reading
    Feb 6, 2024 · UAE residents increased their downloads of VPN apps by 1.83 million in 2023, reaching a total of 6.1 million, according to the Global VPN ...
  53. [53]
    UAE: Mass Surveillance Threatens Rights, COP28 Outcome
    Nov 30, 2023 · Participants attending the 28th annual United Nations Climate Change Conference (COP28), hosted by the United Arab Emirates (UAE) in Dubai, ...
  54. [54]
    The strange, unexplained journey of ToTok in Google Play fuels ...
    Feb 21, 2020 · In a reversal, Google now warns app can spy on texts, recordings, photos, and other data.Missing: debate | Show results with:debate
  55. [55]
    Google confirms it again removed alleged spying tool ToTok from ...
    Feb 17, 2020 · Google confirmed to TechCrunch that it removed the app from Google Play but that enforcement was not done in response to any external direction or request.
  56. [56]
    Android spyware disguised as legitimate messaging apps targets ...
    Oct 2, 2025 · Researchers have found two Android spyware families masquerading as messaging apps Signal and ToTok, apparently targeting residents of the
  57. [57]
    New spyware campaigns target privacy-conscious Android users in ...
    Oct 2, 2025 · ESET researchers have discovered campaigns distributing spyware disguised as Android Signal and ToTok apps, targeting users in the United ...Missing: allegations | Show results with:allegations
  58. [58]
    ESET Research discovers new spyware posing as messaging apps targeting users in the UAE
    ### Summary of ESET Research on Android/Spy.ProSpy and Android/Spy.ToSpy