News
Vulnerability in TikTok’s Android app was allowing attackers to secretly access user accounts
- September 2, 2022
- Updated: July 2, 2025 at 3:28 AM
TikTok is a hot topic these days with politicians all over the Western World frothing at the mouth at the possibility of the Chinese app getting its hands on their citizens’ data. There are other security concerns that need to be taken seriously, however, such as the more traditional cybersecurity issues we regularly report on here at Softonic. Today we have news of a vulnerability in the TikTok app for Android that has been allowing attackers to secretly access users’ data. Let’s go through the details now:
It is a popular method for cybersecurity and antivirus specialists to raise the profile of their products by reporting on security vulnerabilities they have uncovered. This is even the same for security researchers at software giants like Microsoft. The Microsoft Defender 365 Research Team has released a report exposing a security vulnerability in the TikTok Android app that “could lead to one-click account hijacking”.
Fortunately, although the vulnerability was active for a period of time, it was quite complex and required a chain of multiple issues to occur at once, in order for the exploit to be taken advantage of. This means that the vulnerability has now been closed before any seeming exploits have been actioned.
This is great news because although it would have been difficult to exploit, the vulnerability was quite serious, with the Defender 365 team reporting:
“The vulnerability allowed the app’s deeplink verification to be bypassed. Attackers could force the app to load an arbitrary URL to the app’s WebView, allowing the URL to then access the WebView’s attached JavaScript bridges and grant functionality to attackers.”
Once again, a security issue is highlighting the need for vigilance when you are online. It is more important than ever to take care whenever you are clicking links or downloading files. As always in these cases, we recommend you refer to our phishing scam and fake link infographic every time you come across something suspicious.
Image via: Flickr
Patrick Devaney is a news reporter for Softonic, keeping readers up to date on everything affecting their favorite apps and programs. His beat includes social media apps and sites like Facebook, Instagram, Reddit, Twitter, YouTube, and Snapchat. Patrick also covers antivirus and security issues, web browsers, the full Google suite of apps and programs, and operating systems like Windows, iOS, and Android.
Latest from Patrick Devaney
You may also like
NewsAfter sweeping through its country, the Portuguese version of the most iconic series of Spanish television arrives
Read more
NewsThis remake of an iconic film about marital collapse arrives in theaters
Read more
NewsOrange Belgium is facing a significant data leak affecting 850,000 customers
Read more
NewsThis new Netflix series delves into a political crisis led by women
Read more
NewsThe AI tools and how they are redefining the online presence of companies
Read more
NewsDaniel Day-Lewis returns after 8 years of retirement, and he does it in style directed by his son
Read more