“When you start analyzing an app like this you expect to find a backdoor or some zero day exploits,” Wardle says. “But the more I think about it, this is actually a more elegant approach, which is just leveraging completely legitimate functionality. What that gives you is a very cost effective, easy way to gain a ton of information on people.”

The developer behind ToTok, Breej Holding Ltd., did not return a request for comment.

First released on July 27, ToTok spiked in popularity in the UAE in August and then spread to other Middle Eastern countries and the rest of the world from there. The app had scores of positive reviews, particularly from users in the UAE who were excited about its lack of restrictions. It was also ranked as a most popular app in many regions on Google Play and the App Store. The app had at least 600,000 downloads across Android and iOS in November and was trending in the US in the last couple of weeks.
The developer, Breej Holding Ltd., does not have an extensive online footprint. In his technical analysis of ToTok for iOS, Wardle found indications that the app was not developed from the ground up and instead was based on code from the Chinese communication app YeeCall, likely through some type of licensing agreement. The New York Times concluded that Breej Holding Ltd. is likely a shell company for DarkMatter, an Abu Dhabi-based digital intelligence firm that contracts directly with the Emirati government and employs former intelligence agents from countries like the United States and Israel. US authorities are currently investigating DarkMatter for possible hacking crimes.