The Mitron app, the Indian version of TikTok, grew in popularity with the anti-TikTok sentiment that spread like wildfire across India. Many users flocked to this new "Indian-made" app intending to boycott the Chinese app. Mitron, like TikTok, offered users a similar experience of viewing and sharing short video clips, but drew a lot of negative press after its origin was traced back to Pakistan and because of its founder's lack of digital presence.
Citing violation of privacy policy, Google also removed Mitron from the Play Store, where it had garnered over 5 million downloads in less than a month's time. In another major blow to the Mitron app, the Maharashtra Cyber cell has issued a serious warning to its users and urged them to uninstall it immediately.
Mitron's security flaws explained
In an advisory note dated June 2, the Maharashtra Cyber cell listed the critical vulnerability in the Mitron app and advised millions of users to uninstall the app as it poses a serious security threat to personal information and data.
As per the advisory, the Mitron app's vulnerability lets hackers exploit users' accounts by easily taking control. The cyber cell pointed out that the app uses the "Login with Google" feature to sign up but doesn't use or create any secret tokens for authentication. Shockingly, anyone can log in to a Mitron account using the unique user ID, which can be accessed from the page source, without needing a password.
Additionally, the Mitron app does not use the SSL protocol for login. Hackers could easily take control of the accounts, send messages, follow others and even comment without the account holder's permission.
The Maharashtra Cyber cell addressed the fact that Mitron was falsely advertised to be an Indian product, whereas it is a repackaged version of the Tic Tic app created by Pakistani software development firm Qboxus. Finally, the app lacks a privacy policy or even terms of use, and its owner is unknown.
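To illustrate the authentication flaw the advisory describes, the added example below (not code from Mitron, Qboxus or the advisory) contrasts a server-side login that accepts a bare user ID with one that accepts only a signed, short-lived token. All names, keys and user records are constructed, and the HMAC key is a stand-in for an identity provider's signature; a real "Login with Google" backend verifies the provider's ID token against the provider's public keys.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data: every name and value here is hypothetical.
PROVIDER_KEY = b"demo-key-standing-in-for-the-identity-provider"
CLIENT_ID = "demo-client-id"
USERS = {"1001": "alice", "1002": "bob"}  # user ID -> account name


def login_insecure(user_id):
    """The flaw in the advisory: the user ID alone acts as the credential."""
    return USERS.get(user_id)


def _sign(payload: bytes) -> str:
    mac = hmac.new(PROVIDER_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def issue_token(user_id, ttl=300, now=None):
    """Stand-in for the identity provider issuing a signed, expiring token."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "aud": CLIENT_ID, "exp": now + ttl}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return payload.decode() + "." + _sign(payload)


def login_verified(token, now=None):
    """Accept a login only if signature, audience and expiry all check out."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(payload.encode())):
            return None  # forged or tampered token
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token, including a bare user ID
    if claims.get("aud") != CLIENT_ID or claims.get("exp", 0) < now:
        return None  # issued for a different app, or expired
    return USERS.get(claims.get("sub"))
```

A user ID is an identifier, not a secret, so only the second function ties the session to proof that the identity provider authenticated the user; the token must also travel over TLS, which the advisory notes the app's login did not use.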
Why uninstall Mitron?
Those who value privacy must take this step. "As a precautionary measure, users are advised to uninstall this app as it can put your personal information and data at risk," the cyber cell warned.
Users are also advised to check an app's permissions and privacy policy before installing, vet the developers by looking for credible reviews, and, if anything seems unusual, avoid the app.