News
Vulnerability in TikTok’s Android app was allowing attackers to secretly access user accounts
- September 2, 2022
- Updated: July 2, 2025 at 3:28 AM
TikTok is a hot topic these days with politicians all over the Western World frothing at the mouth at the possibility of the Chinese app getting its hands on their citizens’ data. There are other security concerns that need to be taken seriously, however, such as the more traditional cybersecurity issues we regularly report on here at Softonic. Today we have news of a vulnerability in the TikTok app for Android that has been allowing attackers to secretly access users’ data. Let’s go through the details now:
It is a popular method for cybersecurity and antivirus specialists to raise the profile of their products by reporting on security vulnerabilities they have uncovered. This is even the same for security researchers at software giants like Microsoft. The Microsoft Defender 365 Research Team has released a report exposing a security vulnerability in the TikTok Android app that “could lead to one-click account hijacking”.
Fortunately, although the vulnerability was active for a period of time, it was quite complex and required a chain of multiple issues to occur at once, in order for the exploit to be taken advantage of. This means that the vulnerability has now been closed before any seeming exploits have been actioned.
This is great news because although it would have been difficult to exploit, the vulnerability was quite serious, with the Defender 365 team reporting:
“The vulnerability allowed the app’s deeplink verification to be bypassed. Attackers could force the app to load an arbitrary URL to the app’s WebView, allowing the URL to then access the WebView’s attached JavaScript bridges and grant functionality to attackers.”
Once again, a security issue is highlighting the need for vigilance when you are online. It is more important than ever to take care whenever you are clicking links or downloading files. As always in these cases, we recommend you refer to our phishing scam and fake link infographic every time you come across something suspicious.
Image via: Flickr
Patrick Devaney is a news reporter for Softonic, keeping readers up to date on everything affecting their favorite apps and programs. His beat includes social media apps and sites like Facebook, Instagram, Reddit, Twitter, YouTube, and Snapchat. Patrick also covers antivirus and security issues, web browsers, the full Google suite of apps and programs, and operating systems like Windows, iOS, and Android.
Latest from Patrick Devaney
You may also like
NewsPremiere Pro meets Photoshop: Motion Graphics Workflow
Read more
NewsThe new Magic: The Gathering collection takes us to one of the most beloved animated series of the last 20 years
Read more
NewsWe already know when the second season of the live-action One Piece series will premiere
Read more
NewsThe director of Final Fantasy 7 Remake says we should lower our expectations for the third installment of the trilogy
Read more
NewsOne of the most beloved cult games of Nintendo DS comes to PC with a remake that lives up to its legacy
Read more
NewsCivilization VII announces a new major update to fix the fans' big issue with the game
Read more