Maharashtra Cyber cell issues advisory on Mitron app, asks users to uninstall it
The app witnessed over 5 million downloads before it was removed by Google.
Mitron, the app that was said to be a rival to TikTok, was recently suspended from Google Play Store. It is also said to have a vulnerability that allowed hackers to take control of the account. Since the app has been removed from the Play Store, nobody can download it from there. But for those who have already downloaded it, the Maharashtra Cyber Cell department has issued an advisory. Posted on Twitter, the advisory says that the Mitron app is not an ‘Indian’ app as claimed before and has vulnerabilities, so users should uninstall it immediately.
The app witnessed over 5 million downloads before it was removed by Google. However, a flaw in the app meant its login process was not secure. The warning mentions that although Mitron showed the option to log in via a Google account, using credentials and information from Google, it didn't really use them or create any unique token for authentication.
“One can log in to any targeted Mitron user profile just by knowing unique user ID, which is publicly available in the page source, and without entering any password,” stated the advisory. Also mentioned is that Mitron didn't use the Secure Sockets Layer (SSL) protocol for the login. This could let hackers take control of the account and send messages, follow others and even comment on their behalf.
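The difference between the login described in the advisory and a token-based one, as an added sketch that is not Mitron's code: all names, user IDs and the `id.mac` assertion format are constructed, and an HMAC stands in for verifying a real Google ID token.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the identity provider's signing key. A real Google
# ID token is a JWT that the server verifies against Google's public keys.
IDP_KEY = secrets.token_bytes(32)

USERS = {"1001": "alice", "1002": "bob"}  # constructed user IDs (public values)
SESSIONS = {}                             # session token -> user ID


def _sign(user_id):
    return hmac.new(IDP_KEY, user_id.encode(), hashlib.sha256).hexdigest()


def idp_issue_assertion(user_id):
    """Identity-provider side: return the hypothetical 'id.mac' assertion."""
    return f"{user_id}.{_sign(user_id)}"


def login_insecure(user_id):
    """Flaw as the advisory describes it: knowing a user ID is enough."""
    return user_id if user_id in USERS else None


def login_hardened(assertion):
    """Verify the provider's assertion, then issue an unguessable session token."""
    user_id, _, mac = assertion.partition(".")
    valid = hmac.compare_digest(mac.encode(), _sign(user_id).encode())
    if user_id not in USERS or not valid:
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user_id
    return token


def post_comment(session_token, text):
    """Actions are authorized by the session token, never by a raw user ID."""
    user_id = SESSIONS.get(session_token)
    if user_id is None:
        return None
    return f"{USERS[user_id]}: {text}"
```

Such a token only protects the account if the login and every later request travel over TLS, the other gap the advisory points out.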
The advisory, corroborating previous reports, added that Mitron is not an Indian app per se. The app is a rebranded version of the Tic Tic app, which was made by a developer from Pakistan called Qboxus. The developer reportedly sold the app to an IIT-ian, after which the app went up as Mitron on Google Play. The identity of the IIT-ian is not yet known.
In the end, the advisory clearly mentions that “As a precautionary measure, users are advised to uninstall this app as it can put your personal information and data to risk.”