The saga of ‘Mitron’—the video-sharing app touted as India’s answer to TikTok—grows more sordid with each day. Today, the app was removed from the Google Play Store for violating Google’s “spam and minimum functionality” policy, according to YourStory.
Touted as a ‘Made in India’ app, it was released at a time when Prime Minister Narendra Modi’s ‘vocal for local’ pitch created a fervour for indigenous development—so much so that an app called ‘Remove China Apps’ has already crossed a million downloads.
The app even earned the praise of Union Minister for Electronics and Information Technology Ravi Shankar Prasad, who called it a "great platform" and an "reply to TikTok and Facebook".
Mitron raked up well over five million downloads in the first month of its launch. But, far from being a dose of desi originality, it turned out to have been a clone of a Pakistani app.
Multiple reports have found that the app is a repackaged clone of ‘TicTic’, which was developed by a Pakistani developer QBoxus. The developers put their code up for sale on the website CodeCanyon, where Mitron’s developers reportedly purchased it for $34 (Rs 2,600).
While Mitron’s developer—supposedly an IIT-Roorke graduate—has yet to speak out about his app, the Pakistani studio have confirmed to other news outlets that the code was, indeed, theirs. In fact, QBoxus’ website still lists Mitron as one of its projects (clicking on the link takes one to the page to buy TicTic’s code on CodeCanyon.)
Everything about the Mitron app screams duplicate. Its UI is lifted directly from that of TikTok, but notably, many parts appearing not to work at all. Clicking on the song playing during a video does not show you videos made by other users with the same song. In addition, the trending videos page did not update in days—in fact, one of its ‘trending’ videos was a re-upload of a TikTok video under a different user’s name!
Unlike TikTok, Mitron did not have any option for ‘verified’ users at the time of writing this article, which can lead to the problem of impersonation.
Worse than this problem, however, is the security aspect. Cybersecurity researcher Rahul Kankrale tweeted saying that the app did not use any authentication mechanism for its users. This allows anyone to be able to take over any Mitron account provided you have the user-id of the victim. The flaw remained unpatched, prompting leading cybersecurity portal The Hacker News to urge users not to install or keep it on their devices.
In short, since:
— The Hacker News (@TheHackersNews) May 30, 2020
✅ flaw (discovered by @rahulkankrale) has not yet been patched,
✅ owner of the app is unknown,
✅ you can't delete your profile,
✅ there are no privacy policy & terms of use,
...it's recommended to simply do not install or use the untrusted applications.
It is not yet known whether Google’s removal of the app from the play store is in response to this.
On Tuesday, the Play Store did not show the original Mitron app anymore. However, a few fake apps were visible with far fewer downloads and a slightly different logo than Mitron's—a likely security risk for users looking for Mitron.
Only a statement from the developer can clear the air, and the appmaker will have their work cut out for them if they want to fix Mitron’s security issues and regain their spot in the Play Store. More importantly, if they truly want to challenge TikTok, the app will need creators of the quality and popularity of the top TikTokers to get onboard the platform. Given Mitron’s catastrophic security reputation, that seems unlikely.
