Mitron App, which has recently made headlines for being downloaded over 5 million times and hailed as India’s ‘desi’ answer to TikTok, has been found to be a repackaged version of a Pakistani app called TicTic.
The Quint had reported on 29 May how Mitron, bought for $34 from CodeCanyon, even contained the same security vulnerability present on TicTic.
However, on the same day that Mitron was shown not to have been developed in India by a former IIT Roorkee student, Electronics & IT Minister Ravi Shankar Prasad praised the app as India’s answer to TikTok and Facebook.
Prasad was speaking online at the Prof NR Madhava Menon Memorial Lecture Series organised by the Akhil Bhartiya Adhivakta Parishad.
Adding that “50 lakh downloading has been done,” Prasad also went on to state “this great innovation has appeared in times of COVID – and that is a matter of great assurance.”
Launched on 11 April, the credit for developing the app was given to Shivank Agarwal, a student at IIT Roorkee. Mitron is a short video-making application that allows users to upload short videos of up to 15 seconds.
The Quint had reported that a flaw in the app can allow a malicious actor to force other users to follow any given account, simply by tampering with a few parameters in the ‘follow user’ request.
A day later, it emerged that the app contains another crucial security vulnerability that “could let anyone bypass account authorization for any Mitron user within seconds”, according to The Hacker News.
Rahul Kankrale, a security researcher, discovered this security issue in the way the Mitron app implemented its 'Login with Google' feature.
Does this mean that the vulnerability has been carried over from the original TicTic source code?
“Yes, the vulnerability is present in TicTic and so has been carried out in Mitron,” Kankrale told The Quint. “As there is no authentication, so any requests could be manipulated,” he added.
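The class of flaw described above, a 'follow' request whose acting account is taken from client-supplied parameters with no authentication, is shown here beside a hardened form as an added example; it is not code from Mitron or TicTic. The parameter names, user ids and the HMAC token scheme are hypothetical, since the report does not give the real request format.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # constructed value, for this example only
follows = set()  # (follower_id, followed_id) pairs stored by the server

def _tag(user_id: str) -> str:
    return hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).hexdigest()

def issue_token(user_id: str) -> str:
    """Token handed out after login: the user id plus a server-side HMAC."""
    return f"{user_id}.{_tag(user_id)}"

def user_from_token(token: str):
    """Return the user id the token was issued for, or None if invalid."""
    user_id, _, tag = token.rpartition(".")
    ok = bool(user_id) and hmac.compare_digest(tag.encode(), _tag(user_id).encode())
    return user_id if ok else None

def follow_trusting_client(params: dict) -> bool:
    """Flawed pattern: the acting account is whatever the request claims."""
    follows.add((params["follower_id"], params["followed_id"]))
    return True

def follow_authenticated(token: str, params: dict) -> bool:
    """Hardened pattern: the acting account comes only from the verified token."""
    actor = user_from_token(token)
    if actor is None:
        return False  # unauthenticated request is rejected
    follows.add((actor, params["followed_id"]))  # client-sent follower_id is ignored
    return True

def demo() -> dict:
    # Constructed request: the sender is user_c but claims to be user_a.
    tampered = {"follower_id": "user_a", "followed_id": "user_b"}
    follows.clear()
    follow_trusting_client(tampered)
    flawed = ("user_a", "user_b") in follows  # follow recorded for user_a
    follows.clear()
    follow_authenticated(issue_token("user_c"), tampered)
    hardened = ("user_a", "user_b") in follows  # only (user_c, user_b) is stored
    forged_rejected = not follow_authenticated("user_a.forged", tampered)
    return {"flawed": flawed, "hardened": hardened, "forged_rejected": forged_rejected}

if __name__ == "__main__":
    print(demo())
```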
The Quint has reached out to Mitron App for comments on the claims made by QBoxus along with details the publication has found. The story will be updated once Mitron responds.
QBoxus has, however, clarified to The Quint that there is no problem with what Mitron’s developer has done and nothing wrong with the procedure used to launch the app. Its founder and CEO stated:
The Pakistani company has raised two specific issues: