TikTok was banned in India along with 58 other Chinese Apps. The main reason behind this app ban was made clear through a Press Release by the Government, the press release states,
"The Ministry of Information Technology, invoking it’s power under section 69A of the Information Technology Act read with the relevant provisions of the Information Technology (Procedure and Safeguards for Blocking of Access of Information by Public) Rules 2009 and in view of the emergent nature of threats has decided to block 59 apps ( see Appendix) since in view of information available they are engaged in activities which is prejudicial to sovereignty and integrity of India, defence of India, security of state and public order. Over the last few years, India has emerged as a leading innovator when it comes to technological advancements and a primary market in the digital space. At the same time, there have been raging concerns on aspects relating to data security and safeguarding the privacy of 130 crore Indians. It has been noted recently that such concerns also pose a threat to sovereignty and security of our country. The Ministry of Information Technology has received many complaints from various sources including several reports about misuse of some mobile apps available on Android and iOS platforms for stealing and surreptitiously transmitting users’ data in an unauthorized manner to servers which have locations outside India. The compilation of these data, its mining and profiling by elements hostile to national security and defence of India, which ultimately impinges upon the sovereignty and integrity of India, is a matter of very deep and immediate concern which requires emergency measures. The Indian Cyber Crime Coordination Centre, Ministry of Home Affairs has also sent an exhaustive recommendation for blocking these malicious apps. This Ministry has also received many representations raising concerns from citizens regarding security of data and risk to privacy relating to operation of certain apps. The Computer Emergency Response Team (CERT-IN) has also received many representations from citizens regarding security of data and breach of privacy impacting upon public order issues. Likewise, there have been similar bipartisan concerns, flagged by various public representatives, both outside and inside the Parliament of India. There has been a strong chorus in the public space to take strict action against Apps that harm India’s sovereignty as well as the privacy of our citizens. On the basis of these and upon receiving of recent credible inputs that such Apps pose threat to sovereignty and integrity of India, the Government of India has decided to disallow the usage of certain Apps, used in both mobile and non-mobile Internet enabled devices. These apps are listed in the attached appendix".
So, to be precise, the app was banned because it was a potential threat to Indian citizens online data privacy. TikTok was found monitoring user activities on their smartphone, such as accessing location details from your SIM card, without even asking for permission, accessing clipboard data, which may contain sensitive information like OTP & passwords.
A Reddit user reverse engineered TikTok & found out some bitter truth, you can read it here.
There's a rumour spreading on social sites stating that TikTok was banned because a YouTuber named Carryminati roasted TikTok Creators in his video (the video was removed by YouTube later because it violates their Community Guidelines), which is absolutely not the fact. Now after TikTok ban, a lot of Indian developers & Tech start-ups started releasing their TikTok alternatives on Google Playstore & Apple's Appstore, among the released alternatives, the most popular are Mitron, Chingari and Roposo. (I didn't mention Instagram Reels here because it's an added feature to Instagram by Facebook).
We'll discuss about the apps in detail and talk about the potential security threats.
1. Mitron- This is a Made in India short video sharing app, which went viral on Google Playstore shortly after it's release. However, the app's security was not better than TikTok instead it was much worse. The app has a built in "Sign in with Google Feature" which does not create any security key for authentication, thus making it easy for hackers to take over any account on the platform.
Here's a Proof of Concept (POC) video shared by a researcher-
2. Chingari - This TikTok alternative Made In India app also has the same flaw as that of Mitron.
Here's a Proof of Concept Video revealed by a researcher-
These apps "TikTok alternatives" though Made in India are not safe because they're not developed by a proper team of developers, & they don't have proper Community Guidelines. If you're using any of these TikTok alternatives then please uninstall it from your device or feel free to compromise your data.
Instagram recently released an update where they introduced a new short video sharing feature named "Reels". Instagram is owned by Facebook. Facebook always tries to extend their market & platform by giving a tough competition to it's competitors. In mid 2019, Instagram released an app named "Threads", a Snapchat clone app, using which you can communicate with your close friends on Instagram. But unfortunately, Threads was not well accepted by the audience, & most of the Instagram users don't even know about this app.
This post was written to create awareness among people regarding the security issues of these apps, in upcoming blog posts, I'll write detailed reports of the vulnerabilites present in these apps. So, if you're interested in Tech & Cybersecurity, feel free to subscribe :) !
Thanks for reading! Have a nice day.