It's no secret that some messaging apps are favored by authoritarians, but one app may be explicitly designed with spying in mind. Unnamed US officials speaking to the New York Times say that the chat app ToTok is believed to be a surveillance tool for the United Arab Emirates. According to a classified intelligence report, the UAE uses ToTok to follow users' conversations, track locations (under the guise of weather), determine social connections and look at media. Most of the app's million of users live in the UAE, but it's popular elsewhere in the world and has seen a surge of demand in the US.

There appear to have been attempts to cover up ToTok's roots. It's officially developed by Breej Holding, but that's believed to be a front for DarkMatter, a cyberintelligence company run by UAE intelligence officials and former operatives from the NSA and Israeli military intelligence. The software is also linked to Pax AI, a data mining company linked to DarkMatter that operates from the same building as the UAE's signals intelligence agency... [T]he software itself is believed to be a lightly modified clone of a Chinese app, YeeCall.

Breej, the UAE and the CIA have declined to comment. The FBI said it wouldn't comment on a particular app, but stressed that it wants users to be conscious of the "potential risks and vulnerabilities" they can pose.

Both Apple and Google have pulled ToTok from their respective app stores... However, the damage might already be done when hordes of people already have the app.