A separate vulnerability was found in TikTok's advertisement site, which was vulnerable to cross-site scripting (XSS) attacks. India is among the fastest-growing markets for ByteDance-owned TikTok, which is used primarily by teenagers and children to share, save and keep private and sensitive videos of themselves.
Accusations of political censorship have been brought against TikTok in recent months. BBC News reported in November 2019 that a US teenager's video raising awareness of the alleged Uighur Muslim concentration camps in China resulted in the teen being blocked from posting further content.
Check Point, the Israel-based cyber-security firm, published its findings today on TikTok.
"All of the vulnerabilities we found were all at the heart of TikTok's systems", said Oded Vanunu, head of product vulnerability research for Check Point.
To carry out these malicious actions, hackers could impersonate TikTok and send app download links by text message to any user's phone number, which allowed them to inject and execute malicious code. While TikTok users are not under any threat, you should make sure you're running the latest version of the app.
All of this was possible because TikTok's web infrastructure allowed a targeted user to be redirected to a malicious website that looked like the Chinese developer's homepage.
Dr Luke Deshotels, from TikTok's security team, said: "TikTok is committed to protecting user data."
"Like many organisations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us", it said in a statement.
"Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers."
TikTok has been under a lot of scrutiny lately, and even the US government has banned the use of the app on government-owned smartphones in the army.
A U.S. army spokesman told the online publication that TikTok was "considered a cyber threat" and that "we do not allow it on government phones".
The US military has banned troops from using TikTok.
Personnel should also "be wary of applications you download, monitor your phones for unusual and unsolicited texts etc., and delete them immediately and uninstall TikTok to circumvent any exposure of personal information".
The attackers could also use other vulnerabilities to silently follow a user without them knowing, and then gain the ability to see that user's video IDs as well.
The Border Police said uploading videos to the app from police installations or operations could compromise Israel's security, while the footage itself could "compromise the values and image of the organization", reflecting a concern that sharing videos could hurt the privacy of suspects or show officers behaving inappropriately.
According to the researchers, an attacker can send an SMS message to any phone number on behalf of TikTok, with a modified download URL pointing to a malicious page created to execute code on a targeted device that already has the TikTok app installed.
One month later, Pappas reiterated that "TikTok's data centers are located entirely outside of China".