News
Vulnerability in TikTok’s Android app was allowing attackers to secretly access user accounts
- September 2, 2022
- Updated: July 2, 2025 at 3:28 AM
TikTok is a hot topic these days with politicians all over the Western World frothing at the mouth at the possibility of the Chinese app getting its hands on their citizens’ data. There are other security concerns that need to be taken seriously, however, such as the more traditional cybersecurity issues we regularly report on here at Softonic. Today we have news of a vulnerability in the TikTok app for Android that has been allowing attackers to secretly access users’ data. Let’s go through the details now:
It is a popular method for cybersecurity and antivirus specialists to raise the profile of their products by reporting on security vulnerabilities they have uncovered. This is even the same for security researchers at software giants like Microsoft. The Microsoft Defender 365 Research Team has released a report exposing a security vulnerability in the TikTok Android app that “could lead to one-click account hijacking”.
Fortunately, although the vulnerability was active for a period of time, it was quite complex and required a chain of multiple issues to occur at once, in order for the exploit to be taken advantage of. This means that the vulnerability has now been closed before any seeming exploits have been actioned.
This is great news because although it would have been difficult to exploit, the vulnerability was quite serious, with the Defender 365 team reporting:
“The vulnerability allowed the app’s deeplink verification to be bypassed. Attackers could force the app to load an arbitrary URL to the app’s WebView, allowing the URL to then access the WebView’s attached JavaScript bridges and grant functionality to attackers.”
Once again, a security issue is highlighting the need for vigilance when you are online. It is more important than ever to take care whenever you are clicking links or downloading files. As always in these cases, we recommend you refer to our phishing scam and fake link infographic every time you come across something suspicious.
Image via: Flickr
Patrick Devaney is a news reporter for Softonic, keeping readers up to date on everything affecting their favorite apps and programs. His beat includes social media apps and sites like Facebook, Instagram, Reddit, Twitter, YouTube, and Snapchat. Patrick also covers antivirus and security issues, web browsers, the full Google suite of apps and programs, and operating systems like Windows, iOS, and Android.
Latest from Patrick Devaney
You may also like
NewsRevolution in the audiovisual: the series that will arrive on two streaming platforms at the same time
Read more
NewsThe creator of 'Black Mirror' brings together the cast of 'Game of Thrones' in his new series for Netflix
Read more
NewsThe developers of Ghost of Yotei say they are "still hungover" after learning about the delay of GTA6
Read more
NewsThe new Battlefield will still take months to come out, but fans have revived the servers of their favorite Battlefield
Read more
NewsThis movie by Denzel Washington and Spike Lee is 35 years old, it's a masterpiece and you can watch it streaming right now
Read more
NewsThe creator of the Borderlands saga warns that you might want to play Borderlands 4 on consoles
Read more