Google has allowed chat app ToTok back onto the Play Store after originally removing the app in December. That month the New York Times reported that ToTok was secretly a surveillance tool for the United Arab Emirates government, allowing it to spy on ToTok users' locations, messages, and social connections.
“We take reports of security and privacy violations seriously. If we find behavior that violates our policies, we take action," a Google spokesperson told Motherboard in an email.
Citing unnamed U.S. intelligence officials, the New York Times wrote ToTok is "used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound, and image of those who install it on their phones." The app was downloaded millions of times from the Apple and Google app stores by users throughout the Middle East, Europe, Asia, Africa, and North America, the report added.
After the Times approached Google and Apple for comment, both companies removed ToTok from their app stores as they investigated.
Do you know anything else about ToTok? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on email@example.com, or email firstname.lastname@example.org.
Motherboard processed the ToTok Android application through malware search engine VirusTotal on the same day the Times published their article. At the time, no anti-virus companies marked the app as malicious. On Monday, ESET, Fortinet, and Symantec all flagged the same version of the app as malicious.
The version of ToTok on the Play Store is an updated version. Under a "what's new" section, the ToTok app page reads "There is a newly designed dialog to ask your authorization of accessing and syncing your contact list." When Google originally removed the app, it told the New York Times ToTok had violated unspecified policies.
"The wait is over. We are happy to inform you that #ToTok is now available for download on the Google Play Store. Thank you for your patience. Let's connect!" ToTok wrote in a short announcement on its website on Sunday. ToTok co-creator Giacomo Ziani defended the app in an interview with the Associated Press, and said he had no knowledge that people linked to his project had ties to UAE intelligence.
Apple did not immediately respond to a request for comment on whether it will also reinstate the application on its own app store.
Subscribe to our cybersecurity podcast, CYBER.