Even as the Supreme Court on Monday requested the Madurai Bench of the Madras High Court (HC) to hear the ban on video streaming application TikTok by Wednesday, cybersecurity experts warned that the app’s download from third-party apps could pose a serious security threat for users.
The apex court on Monday said if the Madras HC fails to hear the TikTok case by April 24, the ban on the app would automatically be vacated.
The directions by the top court came after senior advocate Abhishek Manu Singhvi, appearing for TikTok, submitted that the interim ban on the China-based video streaming app had been placed by the HC without even granting them a hearing.
The app, which has close to 1 million users per day, Singhvi said, is losing close to Rs 4.5 crore in revenues every day. Earlier last week, the top court had refused to interfere in the proceedings going on in the Madras HC. During the hearing on April 16, the HC had sought written submissions from TikTok’s parent company ByteDance and scheduled the case for hearing on April 24.
The Madras HC had on April 3 asked the central government to ban the Chinese video mobile application, saying it “encourages pornography”. Following the court’s directions, the central government had issued directions to Google and Apple to take the app off of their respective platforms.
Cyber threat alarm bells
Last week, Google and Apple had taken the app off their app stores, following the directive from the government to do so. However, the ban has piquéd the interest of non-users as well, with search queries on TikTok and how to download it increasing since last week.
People have also circumvented the ban, downloading the app from third-party app stores such as APKMirror, APKPure and so on. An APK or Android Application Package is the form in which an app is developed and/or tested.
The risk with APKs is that they are vulnerable to ‘backdoors’ that could allow cybercriminals to gain access to people’s devices. “Malicious actors can put up authentic-looking apps with ‘backdoors’ on third-party app stores, which may let cybercriminals or attackers take control of your device and steal all your information. It is also impossible to track where an app goes once it has been downloaded from an APK website or store,” said Ankush Johar, director at Infosec Ventures, which funds innovative cybersecurity companies.
Users who already have TikTok installed on their devices can continue to use it.
There are also other ways to sidestep the ban in its current form. “One can use a virtual private network and download the app, and continue using it. There are hundreds of tutorials on how to download TikTok available after the ban. The problem is users and not the app,” said Indrajeet Bhuyan, a Guwahati-based independent security researcher.
He added that even if the government tries to block access to TikTok servers by asking Internet service providers to block their internet protocol addresses, the company can find a way to skirt that.
Indian digital liberties organisation Internet Freedom Foundation (IFF) has earlier argued that protection of minors from the perils of digital platforms is important, but that bans are the easy way out.
“It is necessary to take a more informed and calibrated approach with the government proactively laying down best practice norms, monitoring compliance, and punishing violators,” the IFF said in a post last week.
At a glance
2012: ByteDance, the parent company of TikTok, was set up in China
$75 bn was its valuation last year as it beat Uber as the most valuable start-up
1 billion no. of downloads that TikTok crossed last year
Indonesia and Bangladesh: Banned in these nations