TikTok for Android phones has been found to track user’s MAC (Media Access Control) addresses for over 15 months before ending the practice back on November 18, last year. The Wall Street Journal’s investigative report sheds some light as to how this was possible as it violates several Play Store policies put in place by Google going back to 2015 when Google restricted third-party apps to collect a phone’s Mac address for pushing advertisements.
However, a familiar loophole allowed many apps to access and record Mac addresses until a formal bug report was submitted to Google last June by Joel Reardon, co-founder of AppCensus. He has indicated that this flaw is widely known and allows “long-term” tracking of user’s behaviour and target ads based on the advertising ID.
In its report, the WSJ highlights that the TikTok Android app collected MAC addresses and other device data along with a 32-digit advertising ID which lets advertisers monitor user’s behaviour online in order to serve them ad recommendations.
However, the Mac addresses can’t be modified, giving TikTok a way to use a technique called ID bridging and match advertising identifiers with MAC addresses. While ID bridging is mostly used by games, it doesn’t require the collection of MAC addresses which is something TikTok was doing. What’s even more surprising that the app sends all this data to Bytedance but under an extra layer of security so that it cannot be discovered by Google.
In a statement to the WSJ, TikTok ensured that the “current version” of the app does not collect MAC addresses. “TikTok is committed to protecting the privacy and safety of the TikTok community. Like our peers, we constantly update our app to keep up with evolving security challenges,” it added.
This privacy violation by TikTok comes at a time when the company is facing immense pressure from the US government and an impending ban if the company isn’t able to sell its US operations to a company based in the United States by September 20. Microsoft has been rumoured to be the frontrunner in acquiring TikTok in the US, Canada, Australia and New Zealand and according to a recent report, Bill Gates, co-founder of Microsoft is wary of the deal calling TikTok a “poison chalice”.
In India, TikTok is already facing a blanket ban that was implemented on June 29 along with 58 other apps that were found to be engaged in “activities which is prejudicial to sovereignty and integrity of India, defence of India, the security of the state and public order.” Following the order, TikTok was de-listed from the Play Store and Apple App Store. As per the latest report, TikTok in India is looking to hold off around 2,000 of its employees in India as discussions on its sale is underway.