TikTok has expanded its vulnerability disclosure policy to include a global bug-bounty program through a partnership with HackerOne. The program invites ethical hackers to submit a wide range of vulnerabilities in the app, including those related to XSS, CSRF, SSRF, SQL Injection, ROP or JOP. TikTok, owned by Chinese-based ByteDance, has been banned in some countries and was on its way to the same fate in the U.S. due to its security practices.
Source: https://threatpost.com/tiktok-bug-bounty-security/160203/