Mitron has been popularised by the claim that it is an Indian version of TikTok. It was launched on April 11, 2020 by Shivank Agarwal, a student at IIT Roorkee.
Recently, Google suspended Mitron from its Play Store and claimed that a vulnerability allowed hackers to take control of an account. As it has been removed from the Google Play Store, nobody can download it now.
But what about those who have already downloaded it?
The Maharashtra Cyber Cell department has issued an advisory in this regard. Posted on Twitter, the advisory states that the Mitron app is not an ‘Indian’ app as previously claimed and that it has vulnerabilities, so users should uninstall it immediately.
The flaw is that the app did not implement a secure login process. Although Mitron showed the option to log in via a Google account, using credentials and information from Google, it did not really use them or create any unique token for authentication.
The advisory stated, “One can log in to any targeted Mitron user profile just by knowing unique user ID, which is publicly available in the page source, and without entering any password.” The advisory also mentioned that Mitron did not use SSL (Secure Sockets Layer) for the login. This could allow hackers to take control of an account and send messages, follow others, and even comment on the user's behalf.
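The login flaw the advisory describes, contrasted with a hardened flow, as an added example (not code from Mitron, Qboxus or the advisory). The function names, the `user-1001` ID and the HMAC-signed assertion are assumptions; the HMAC stands in for verifying a real Google ID token.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the identity provider's signing key. Real Google
# ID tokens are RS256 JWTs checked against Google's published public keys.
IDP_KEY = b"constructed-demo-key"

SESSIONS = {}  # session token -> user id, kept server-side only


def idp_sign(user_id: str) -> str:
    """Hypothetical provider assertion in the form '<user_id>.<hex MAC>'."""
    mac = hmac.new(IDP_KEY, user_id.encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{mac}"


def login_weak(user_id: str) -> str:
    """Flawed pattern: the public user ID is the only credential."""
    return user_id  # anyone who knows the ID is treated as that user


def login_hardened(assertion: str):
    """Verify the provider's assertion, then issue an unguessable token."""
    user_id, _, mac = assertion.rpartition(".")
    expected = hmac.new(IDP_KEY, user_id.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; reject missing IDs and bad signatures.
    if not user_id or not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    token = secrets.token_urlsafe(32)  # unique per login, not derivable
    SESSIONS[token] = user_id
    return token


def post_comment(session_token: str, text: str):
    """Authorize by session token; the author comes from server state."""
    user_id = SESSIONS.get(session_token)
    if user_id is None:
        return None  # a bare user ID is never accepted as proof of identity
    return {"author": user_id, "text": text}
```

Both the assertion and the session token are bearer secrets, so this design only holds when the login endpoint is served over TLS, which the advisory says the app's login did not use.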
Corroborating previous reports, the advisory confirmed that it is not an Indian app. In fact, it is a rebranded version of the Tic Tic app.
Moreover, it was developed by a developer from Pakistan called Qboxus. Later, it was sold to an IIT-ian, Shivank, who gave the app a new name, Mitron, on Google Play. However, the identity of the IIT-ian is still unknown.
Finally, the advisory clearly recommends, as a precautionary measure, that users uninstall the Mitron app, as it could put their personal information and data at risk.