Researchers discovered four flaws in TikTok’s Android app which made users vulnerable to benign third-party Android apps. These flaws allowed attackers to possibly compromise a target’s TikTok account, along with access to their private messages and videos on the app. These flaws also allowed the attackers to override the app’s permission settings, allowing them to access all pictures, videos, contacts, web browser downloads and recording functions of the user’s device.
The flaws were discovered by researchers at Oversecured, who said: “all these vulnerabilities could have been exploited by a hacker if a user had installed a malicious app onto their Android device” in a Friday post. All flaws and bugs have been patches since the incident in the updated version 17.4.4 of the app. In order to be safe from vulnerabilities, users should update their app to the latest version of TikTok.