WASHINGTON — It is billed as an easy and secure way to chat by video or text message with friends and family, even in a country that has restricted popular messaging services like WhatsApp and Skype.

But the service, ToTok, is actually a spying tool, according to US officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers. It is used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound, and image of those who install it on their phones.

ToTok, introduced only months ago, was downloaded millions of times from the Apple and Google app stores by users throughout the Middle East, Europe, Asia, Africa, and North America. While the majority of its users are in the Emirates, ToTok surged to become one of the most downloaded social apps in the United States last week, according to app rankings and App Annie, a research firm.

ToTok amounts to the latest escalation in a digital arms race between wealthy authoritarian governments, interviews with current and former US foreign officials and a forensic investigation showed. The governments are pursuing more effective and convenient methods to spy on foreign adversaries, criminal and terrorist networks, journalists, and critics — efforts that have ensnared people all over the world.

Persian Gulf nations like Saudi Arabia, the Emirates and Qatar previously turned to private firms — including Israeli and US contractors — to hack rivals and, increasingly, their own citizens. ToTok, experts said, showed the governments can cut out the intermediary to spy directly on their targets.

A technical analysis and interviews with computer security experts showed that the firm behind ToTok, Breej Holding, is most likely a front company affiliated with DarkMatter, an Abu Dhabi-based cyberintelligence and hacking firm where Emirati intelligence officials, former National Security Agency employees, and former Israeli military intelligence operatives work. DarkMatter is under FBI investigation, according to former employees and law enforcement officials, for possible cybercrimes. The US intelligence assessment and the technical analysis also linked ToTok to Pax AI, an Abu Dhabi data mining firm that appears to be tied to DarkMatter.

Pax AI’s headquarters operate from the same Abu Dhabi building as the Emirates’ signals intelligence agency, which until recently was where DarkMatter was based.

The UAE is one of America’s closest allies in the Middle East, seen by the Trump administration as a bulwark against Iran and a close counterterrorism partner. Its ruling family promotes the country as an example of a modern, moderate Arab nation, but it has also been at the forefront of using surveillance technology to crack down on internal dissent — including hacking Western journalists, emptying the banking accounts of critics, and holding human rights activists in prolonged solitary confinement over Facebook posts.

The government blocks specific functions of apps like WhatsApp and Skype, a reality that has made ToTok particularly appealing in the country. Huawei, the Chinese telecom giant, recently promoted ToTok in advertisements.

Spokesmen for the CIA and the Emirati government declined to comment. Calls to a phone number for Breej Holding rang unanswered, and Pax employees did not respond to e-mails and messages. An FBI spokeswoman said that “while the FBI does not comment on specific apps, we always want to make sure to make users aware of the potential risks and vulnerabilities that these mechanisms can pose.”

When The Times initially contacted Apple and Google with questions about ToTok’s connection to the Emirati government, they said they would investigate. On Thursday, Google removed the app from its Play store after determining ToTok violated unspecified policies. Apple removed ToTok from its App Store on Friday and was still researching the app, a spokesman said. ToTok users who already downloaded the app will still be able to use it until they remove it from their phones.

It was unclear when US intelligence services determined ToTok was a tool of Emirati intelligence, but one person familiar with the assessment said that US officials have warned some allies about its dangers. It is not clear whether US officials have confronted their counterparts in the Emirati government about the app. One digital security expert in the Middle East, speaking on condition of anonymity, said senior Emirati officials told him that ToTok was indeed an app developed to track its users in the Emirates and beyond.

ToTok appears to have been relatively easy to develop, according to a forensic analysis performed for The Times by Patrick Wardle, a former NSA hacker who works as a private security researcher. It appears to be a copy of a Chinese messaging app offering free video calls, YeeCall, slightly customized for English and Arabic audiences.

In reviews, Emiratis have expressed gratitude to ToTok’s developers for finally bringing them a free messaging app. “Blessings! Your app is the best App so far that has enable me and my family to stay connected!!!” one wrote. “Kudos,” another wrote. “Finally, an app that works in the UAE!”

ToTok’s popularity extended beyond the Emirates. According to recent Google Play rankings, it was among the top 50 free apps in Saudi Arabia, Britain, India, Sweden and other countries.