Following the vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found to contain a critical but easy-to-exploit authentication bypass vulnerability that allows anyone to hijack any user account, tamper with the user's information and content, and even upload unauthorised videos.
The Indian video sharing app, called Chingari, is available for Android and iOS smartphones through official app stores and is designed to let users record short-form videos, catch up on the news, and connect with other users via a direct message feature.
Originally launched in November 2018, Chingari has witnessed a huge surge in popularity over the past few days in the wake of India’s ban on Chinese-owned apps late last month, crossing 10 million downloads on the Google Play Store in under a month.
The Indian government recently banned 59 apps and services, including ByteDance’s TikTok, Alibaba Group’s UC Browser and UC News, and Tencent’s WeChat over privacy and security concerns.
While these apps have been delisted from Apple and Google’s app stores, several home-grown alternatives, such as InMobi Group’s Roposo, Chingari, and Mitron, have ramped up their efforts to cash in on the void left by TikTok.