TikTok has been collecting device identifiers for over a year in violation of Android policies
Discovered by a Wall Street Journal investigation, TikTok has said they have discontinued the practice.
Amidst all the security concerns piling up against TikTok, a Wall Street Journal investigation has discovered that TikTok’s Android app has been collecting users’ MAC addresses for 18 months. This violates Android’s rules.
MAC addresses, or Media Access Control addresses, serve as unique identifiers for each user’s device making them useful for both advertising purposes and also for more invasive forms of tracking.
Both the iOS App Store and the Google Play Store had banned the collection of MAC addresses as a matter of policy by 2015. However, according to The Verge, TikTok was able to obtain the identifier through a loophole.
But TikTok is not the only app doing this. The WSJ study found almost 350 apps on the Google Play Store that had taken advantage of a similar loophole, usually for ad-targeting.
WSJ reports that TikTok stopped this practice last November and attributed this shift in policy to the mounting political pressure from the US.
A revelation like this comes at a time when TikTok is facing some very tough questions from the Trump administration over its parent company ByteDance’s level of access to US user data and this could be crucial.
The White House cut off all US transactions with ByteDance, via an executive order issued last week, beginning September 20 if the company is unable to complete the sales of its US operations by that time.
WSJ’s revelation goes against TikTok’s argument that the system does not collect any more data than a standard mobile app. When it comes to collecting user data, collecting MAC addresses is mostly done for ad tracking, but it is one of the more invasive forms of the practice.
TikTok told The Verge that they had discontinued the practice and mentioned that the current version of the app does not collect MAC addresses.