Mitron app — the popular Indian alternative for TikTok, has been removed from Google Play store. The app had over 5 million downloads. Mitron app, an alternative to TikTok that quickly gathered a lot of attention and gained popularity of its Indian ‘origin’, as noted in many of the reviews of the app. However, it was discovered that Mitron app was reported to be a re-brand version of a Pakistani app TicTic. Now, it has been pulled from the Google Play store for violating its ‘spam and minimum functionality’ policy.
The viral app contains a highly critical, unpatched vulnerability that could allow anyone to hack into any user account without requiring interaction from the targeted users or their passwords. Mitron app contains a critical and easy-to-exploit software vulnerability that could let anyone bypass account authorization for any Mitron user within seconds.
The real security issue resides in the way app implemented ‘Login with Google’ feature, which asks users’ permission to access their profile via Google account but doesn’t use it. So, one can log into any targeted Mitron user profile just by knowing the unique user ID, which is available in the page source, without entering any password.
Apparently, Mitron was not actually created any IIT student as such, but by some shady company dubbed as ShopKiller. The latter bought the app source code understood to be of TicTic app from a Pakistani company Qboxus for a meager $34 (around Rs 2,570) on the CodeCanyon platform
The important fact was that the Mitron app is really the same as TicTic, down to its source code, and actually the main reason behind the loopholes that why it should never have made its way through Google’s supposedly stern security checks.
The app has raised questions about security and privacy. Security analysts also found a vulnerability in the app which could leave your account open to being taken over. A cyber security researcher said that “It’s risky to use Mitron app as it doesn’t have any additional firewall or software security on top of the source code. The privacy policy is weak and that can put user data at risk in the long run.”
You may also like
-
Dhaka Police arrests Turkish ATM hacker six months after escaping from Agartala
-
What is phishing?
-
Zloader Banking a new Malware attack can be bypass Microsoft Signature Verification.
-
Remote hacking is possible for Garrett walk-through metal detectors.
-
Code Signing Certificates are being used by new BLISTER malware to avoid detection.