ToTok, an app released earlier this year, is tracking “every conversation, movement, relationship, appointment, sound and image of those who install it on their phones,” NYT investigators and American officials familiar with classified intelligence claimed in the report on Sunday.
The app has been downloaded millions of times through Google and Apple app stores in the Middle East, Europe, North America, Asia and Africa, according to the NYT.
Breej Holdings, the company behind ToTok, is likely to be a front company for cyber intelligence and hacking firm Dark Matter, the Times claimed, and is currently under investigation for cybercrimes by the Federal Bureau of Investigation (FBI).
Both companies had removed the app from their stores last week after NYT reporters contacted their representatives about the app’s link with the UAE state.
The report also linked ToTok to the artificial intelligence firm PAX AI, a data-mining firm based in Abu Dhabi, the UAE capital, with ties to Dark Matter.
A former National Security Agency (NSA) official, who performed a forensic analysis on the app for the Times, said ToTok appeared to be a duplicate of the Chinese app YeeCall.
The spokesmen for the Emirati government, PAX AI and Breej Holding all refused to respond to any of the NYT’s queries.
Reports this year revealed how a group of former NSA operatives and other elite US intelligence veterans helped the UAE spy on a wide range of targets through the previously undisclosed programme – from “terrorists” to human rights activists, journalists and dissidents.
According to a NYT report last year, the UAE asked the Israeli cybersecurity firm NSO group to hack into the phones of the Qatari emir and a Saudi prince among other political and regional rivals.
Several alleged targets of the spyware, including a close friend of Khashoggi and several Mexican civil society figures, are currently suing NSO in an Israeli court over the hacking.