The Tik Tok Clone (Mitron App) Can Be Hacked in Seconds

‘Mitron’, delete it now. No, this is not a quote from a speech by PM Narendra Modi. The app Mitron is a clone of Tik Tok and a treacherous one. ‘Mitron’, which is India’s answer to the global phenomenon TikTok, is an android app that has gained popularity almost overnight with 5 million downloads and 250,000 5-star ratings within 48 days of launching.

Within the environment of the Government’s self-reliant India scheme and controversies about Tiktok on another social media platform and controversies about the now-deleted popular roasting video of Carry Minati this alternative android app with similar features and service for making and mimicking small-time videos had literally touched the sky and gained extreme success. But the problems and the loopholes with possibilities for crimes on this app are high.

The app is not capitalized by any big company and even the owner of the company is still unknown. According to The Hacker News, the app contains a critical and easy-to-exploit software vulnerability that could let anyone bypass account authorization for any Mitron user within seconds. The poor development and the anonymous owner makes your account terribly prone to hacking as you gain popularity on the platform.

Source Of The App

Many companies buy the core coding from other companies and wrap it around with new UI and additional features and curriculum. But Mitron is not even coded by any Indian as it claimed to be. It just bought the source code and rebranded it with a new logo and launched it without any further development. With the ethnopolitical controversies in China about Tiktok, many countries have developed their own alternatives. One such app is the Tic Tic of Pakistan.

The Mitron app was bought for only Rs. 2500 or $34 on Code Canyon from Qboxus, a Pakistani app development company for purchasing ready-to launch clones apps of musical.ly, Tik Tok, Dubsman. But the problem is that they launched it without any protection of the users or protection of personal data. Irfan Seikh, CEO of Qboxus also said that “There is no problem with what the developer has done. He paid for the script and used it, which is okay. But the problem is with people referring to it as an India-made app, which is not true, especially because they have not made any changes.”

The Software Vulnerabilities

Tik Tok has been using the users’ data purportedly for surveillance which causes it to lose many users and they blindly turned to apps from untrustworthy alternatives without doing any research.

Researcher Rahul Kankrale has tweeted that the way the app implements ‘login with Google ‘ feature asks the users’ permission to derive data from their Google account but doesn’t verify it as it should be. This indicates that how they unethically gain access to your data and do not correctly link it with the correct user.

Moreover, what is more threatening is that anyone can be authorized to log in to any Mitron account if he knows the unique User ID which is available on the homepage. The open loops in this app are difficult to know for a regular person. But your personal data can be made available to anyone in the cloud.

The next problem with this app if you already have installed it and using it is that you can never delete your account permanently. Access to your information on your Google account is always accessed. But if you have not gained at least a few thousand followers on the app you are on the safer side.

Complete explanation by researcher can be found at https://servicenger.com/blog/mobile/mitron-app-account-takeover-vulnerability-unpatched/

What Makes It Untrustworthy?
● The owner is still unknown
● The app accesses the Google account of the user
● The app cannot be deleted permanently
● Anyone can log in to any account just by providing the user ID
● There is no privacy policy whatsoever
● There are no terms of use

Why Should You Delete Your Mitron Account Immediately?

Most of the bugs have yet not been patched and this app provides hackers easy access to your Google account. 5 million people have already created their accounts in this app. If you have still not done it then you are safe but if you have and are using it extensively you should immediately revoke it. There are no privacy and data-processing details on Mitron so it is best to uninstall this con app to downsize the risk of hacking.

Author: Prachi K

Technical Writer, Branding Executive – Hackers Interview. Prachi has professional experience in the area of Branding and Article writing.