Serious security issues found in a very popular iOS/Android app

TikTok, the widely popular short-form video app, is used mostly by teens to produce lip-syncing videos 3 seconds to 15 seconds in length. Loops as long as 60 seconds can be created and shared. But there have been serious questions regarding the security of the app. Back in April, after the app was the most downloaded social media title during the first quarter (#1 on Android, #2 on iOS), the Peterson Institute for International Economics called TikTok a "Huawei-sized problem." Why? Because the app was developed by a Chinese company. The Peterson Institute's worry was that the app can gather intelligence in the form of location and biometric data and send it to Beijing.
Research firm finds exploits on top-ranked iOS and Android app TikTok
Check Point Research discovered that the aforementioned issues can take place when a bad actor sends a spoofed SMS to a TikTok member and makes it appear as though it came from TikTok itself. While smartphone users can send an SMS message to themselves that delivers a link allowing them to install the TikTok app, this feature can be hijacked and used to send unsuspecting users a phony link that could lead to their TikTok account being hacked. The video that accompanies this article, produced by Check Point, shows the different security issues that TikTok users could have been subject to.
According to the research firm, after it contacted the developer of TikTok, "a solution was responsibly deployed" that allows users of the app to use it safely. In a statement, TikTok security team member Luke Deshotels said, "TikTok is committed to protecting user data. We hope that this successful resolution will encourage future collaboration with security researchers."
The app is owned by Beijing ByteDance Technology Company, and the U.S. is reportedly looking at ByteDance's purchase of Musical.ly, an app similar to TikTok that was ultimately merged into TikTok after the transaction closed. The deal is being looked at by the Committee on Foreign Investment in the United States (CFIUS). This committee examines foreign purchases of U.S. companies to make sure that there are no national security issues related to the transaction. When ByteDance made the purchase, it failed to clear it with CFIUS, which is why the deal is now under review.
For those still interested in installing TikTok, if you're using an iOS device you can download it from the App Store. Android users can install the app from the Google Play Store.