My son recently exposed a severe security flaw in the Musical.ly app. I brought it to the attention of senior management, the legal department, and tech support, however to my surprise, they have not responded at all and have shown no interest in having this resolved.
Musical.ly promises their users the ability to have private accounts. According to the musical.ly website if you set your account to private “only approved followers can view yoru teeen’s videos” Sadly, this is not true. With only a free downloader app on iOS anyone can see any video on any private account. This is a very disturbing revelation only amplified by the fact that my 11 year old was able to figure this out.
I sat down with my son and we documented the procedure and subsequently reported to everyone that I could reach out to at Musical.ly. Sadly, my report fell upon deaf ears and no one has reached out to me or shown any interest in fixing this gaping hole in their security.
If you, or your child has a Musical.ly account, and you are relying on the private account setting to ensure that the videos are not available to the public, be advised that they are not and anyone can view them.
I’m not publishing the instructions on how to view private accounts, however I have tried to share that info with Musical.ly. As of the writing of this post the security hole is still there.
Update Sunday August 6, 2017 9:22pm
It appears that they finally took notice and the hole has not been closed.