There appear to have been attempts to cover up ToTok's roots. It's officially developed by Breej Holding, but that's believed to be a front for DarkMatter, a cyberintelligence company run by UAE intelligence officials and former operatives from the NSA and Israeli military intelligence. The software is also linked to Pax AI, a data mining company linked to DarkMatter that operates from the same building as the UAE's signals intelligence agency (shown above) -- and a place DarkMatter called home until recently. the software itself is believed to be a lightly modified clone of a Chinese app, YeeCall.

Breej, the UAE and the CIA have declined to comment. The FBI said it wouldn't comment on a particular app, but stressed that it wants users to be conscious of the "potential risks and vulnerabilities" they can pose.

Both Apple and Google have pulled ToTok from their respective app stores. Google said the app violated unnamed policies, while Apple explained that it was still researching the chat client. However, the damage might already be done when hordes of people already have the app. The tactic is also disconcerting by its very nature. If this is accurate, the UAE effectively convinced millions of people to hand over their information to spies without a fight. It underscores the importance of using encrypted apps -- they not only keep outside intruders away, they often prevent developers themselves from tracking your activity.