Republic of the Philippines

NATIONAL POLICE COMMISSION

PHILIPPINE NATIONAL POLICE, POLICE REGIONAL
OFFICE6 AKLAN POLICE PROVINCIAL OFFICE
Camp Pastor Martelino, New Buswang, Kalibo, Aklan

MEMORANDUM

TO : All COPs/OICs MPS, 1st and 2nd APMFC

FROM : PD, Aklan

SUBJECT : Cyber Security Advieory I Tiktok Android App Vulnerability

DATE : December 5, 2022

1. Reference: Memorandum from CRS dated December 2, 2022 with same subject
as above.

2. This is in reference to the high-severity vulnerability discovered by Microsoft in

the TikTok Android app, which could allow attackers to compromise users' accounts with a
single click.

3. ln connection with the preceding, the vulnerability discovered in the TikTok

Android application allows an attacker to hijack an account without the user's knowledge.
Attackers can also gain access to and modify their victims' TikTok profiles and sensitive
information, such as making public private videos, sending messages, and uploading
videos on their behalf.

4. Despite the fact that the vulnerability was discovered only in the Android version
of the application, all PNP personnel who use TikTok on Android and iOS are advised to
take precautionary measures to harden the security of their accounts. ln addition,
everyone is encouraged to practice basic cybersecurity to avoid becoming a victim of a
cybersecurity attack.

5. ln view of the foregoing, the ITMS recommends the following security guidelines
to protect against the aforementioned vulnerability and similar issues:
a. Avoid clicking links from untrusted sources;

b. Always keep the device and the installed applications updated;

c. Never install applications from untrusted Sources;

d. Avoid opening any links outside the application, including via SMS, to avoid
falling victim to any phishing scams;

e. Limit the amount of information shared applications; and

f. Enforce multi-factor authentication (MFA).

“Life is Beautiful…Kaligtasan Nyo, Sagot Ko. Tulong-tulong Tayo.”

 6. Further, the following are some tips for securing one's TikTok account:
a. Set an account to private:
1) Go to the profile page;

2) Tap three dots in the right-hand corner and select "Privacy and
Settings"; and

3) Select the "Privacy and Safety" option and toggle "Private Account"
on/off.

b. Control the comments on posts:

1) Within "Privacy and Safety", tap "Who can send me comments";

2) Choose "Friends" to limit comments to people you know; and

3) You can also turn off comments on individual videos by going to the menu
button on the video and selecting "Comments off”.

c. Control incoming messages:

1) Within "Privacy and Safety", tap "Who can send messages to me"; and

2) Choose from the various options - "Everyone", "Friends" or "Off”.

7. You may visit itms.pnp.gov.ph to download learning materials regarding

cybersecurity under the Computer Security Tab. Should you have any inquiries or
concerns, you may contact ISSD al 8723-0401 local 6546 or e-mail at
issd.itms@pnp.qov.ph

8. For widest dissemination.

CRISALEO R TOLENTINO
Police Colonel

“Life is Beautiful…Kaligtasan Nyo, Sagot Ko. Tulong-tulong Tayo.”