The supposedly secure messaging app ToTok is actually a spying tool being used by the government of the United Arab Emirates to mass surveil its users, the New York Times reports, citing its own internal investigation and U.S. officials familiar with a classified intelligence assessment.

Why it matters: The app has been downloaded by millions of users in the Middle East, North America, Europe, Asia and Africa, and it was one of the most downloaded social apps in the U.S. last week. Its exploitation by the Emiratis is an illustration of how authoritarian governments are increasingly finding novel and more effective ways to expand their surveillance networks and crack down on perceived enemies or dissenters.

What we know: ToTok is said to mine data from users' contacts list and tracks locations by offering a localized weather forecast, much like other Apple and Android apps.

It also has access to microphones, cameras and user calendars.

The app doesn't claim to be encrypted like WhatsApp or Signal, and its privacy policy notes that it "may share your personal data with group companies."

ToTok was removed from the Apple and Google Play stores after the companies were notified by the Times, but users who already downloaded the app will still be able to use it.

The big picture: The Emiratis' exploitation of the app, which is linked to a private intelligence company under investigation by the FBI, follows a pattern of authoritarian countries using digital apps to gather information.

The FBI reported in December that the Russian photo-editing app FaceApp is a potential counterintelligence threat.

Lawmakers have also raised security concerns about the Chinese video app TikTok, which has become massively popular among teens in the U.S.

Go deeper: