Wednesday, 18 September 2019

TikTok Users Now Need to Be Wary of Scammers


TikTok has seen a great rise in popularity, and in the last year alone that rise has been meteoric. It is one of the most downloaded apps on the Google Play Store and the Apple App Store.

What is TikTok? 


TikTok is a video-sharing app developed by a Chinese Internet technology company called ByteDance. It is a 15-second video-making app and one of the most popular video-sharing apps. It was initially launched in China as Douyin in September 2016. A year later, it was opened to the international market under the name TikTok.

According to a CNN Business report dated June 2019, TikTok has more than one billion monthly active users. With TikTok, users can create and share short videos with special effects.

TikTok has seen a meteoric rise in the Indian market. According to the app analytics firm Sensor Tower, the app was downloaded more than 240 million times in February alone.

The app is very popular, but many say that the content is inappropriate.

With the app's increasing popularity among the masses, scammers have not been far behind. They are looking for ways to commit fraudulent transactions. A report published by a cyber security company called Tenable states that TikTok is becoming a platform for adult dating scams. The report claims that the scam makes users sign up for an adult dating website.


TikTok as a platform for adult dating websites


Unsuspecting users sign up on the adult dating websites.

The TikTok profiles shown in these accounts contain nude pictures that are stolen from other websites. The idea behind this is to increase the likes of the account and the popularity of the given profile.

According to Tenable, the fake profiles show up on the ‘For You’ page. They have been placed there by TikTok, though it is not known how this happens. The scammers force the users to go to Snapchat accounts where there are videos containing nudity. Once the users go to Snapchat and add the adult-based accounts, they will encounter a Snapchat story. This will show videos of an unknown person either being sexually suggestive or showing nudity. An emoji or a sticker will cover the explicit portion of the video.

From the Snapchat account, the unsuspecting user will be directed to adult dating websites. The user will be asked their age and then be directed to a sign-in page. After filling in their information, the user will be directed to the actual adult dating website. Here again, they will need to fill in the sign-up page.

The scammers benefit by generating revenue. They maximize their cost per action to generate revenue: every time a user signs up, the scammers get paid. A scammer gets paid between $1 and $3 for a qualified lead, based on the geographical region, the age category or whether it is a new user account.

Another way of scamming users is to ask them to subscribe to a ‘premium’ Snapchat account. Here the scammers earn revenue when they post not-safe-for-work (NSFW) Snaps from a more private account.

How is TikTok protecting its users? 


TikTok says there are strict policies in place. It flags and removes spam accounts before they reach users' accounts.
The number of scammers is increasing, and TikTok needs to take stringent steps to wipe out these fraudulent activities.

Sunday, 1 September 2019

Google Bug Bounty to provide security for Android Apps

Malware has recently been discovered in many apps on the Google Play Store. To increase the security of the apps, Google is seeking help from the public too. Google is regularly improving the security and privacy of its products. The Google Bug Bounty provides security for Android apps.

What is Google Bug Bounty?

Google offers a wide range of vulnerability reward programs to encourage the public and developers to improve security for everyone. As part of the Google Bug Bounty program, there are changes to the Google Play Security Reward Program (GPSRP). In addition, Google is launching the new Developer Data Protection Reward Program (DDPRP).

How does Bug Bounty offer changes to the GPSRP?

The Google Play Security Reward Program offers rewards to developers who find any security breach in the apps. Earlier, only eight top apps were included in the program. Now, any app from the Play Store that has more than 100 million installs comes under this program. If a developer comes across a security breach in an app, they need to report it to Google. They can then claim a bounty of up to $20,000.

As part of the Google Bug Bounty program under the GPSRP, all these apps are eligible for rewards. This holds even if the app developer does not have their own vulnerability disclosure or bug bounty program. Google will disclose the vulnerabilities to the concerned app developer. In this way, security researchers help app developers to identify and fix the malware in their apps.

If the developers have their own bounty programs, the researchers can collect rewards both from the developer and from Google. Through the GPSRP, which is a part of the Google Bug Bounty program, vulnerable data can be identified. With this, Google can create automated checks to scan all the apps in Google Play for any malware.

The affected app developers will then be notified through Play Console. Play Console is part of the App Security Improvement (ASI) program. This program gives information on the malware and how the developers should fix the problem. To date, ASI has helped over 30,000 developers fix more than 1,000,000 apps on Google Play. According to the Bug Bounty program, GPSRP has paid over $265,000 in bounties.

Launching of Developer Data Protection Reward Program as part of Google Bug Bounty

DDPRP is a Bug Bounty program run in collaboration with HackerOne. It will help to identify and fix malware in Android apps, OAuth projects and Chrome extensions. Rewards will be given to those who can give complete evidence of data abuse, on a model similar to Google’s other vulnerability reward programs.

This Bug Bounty program aims to find situations where user data is being used illegitimately, without the consent of the user. The breach could be related to an app or a Chrome extension. That app or extension will be removed from Google Play or the Google Chrome Web Store. If an app developer is involved in data abuse, their API access will be removed. As per the Google Bug Bounty in the DDPRP, a single report could net a $50,000 reward.