TikTok, the popular video platform, keeps getting on the news for all the wrong reasons. Just last week, the app was under threat of being banned in the US following allegations of the app being used as a spying tool for the Chinese government.
This time, a Wall Street Journal investigation revealed that TikTok’s app has been quietly collecting user data for the past 18 months despite Google policies and systems set in 2015 that banned this practice. It turns out the app was tracking the MAC addresses of its users.
In case you didn’t know, MAC addresses are unique identifiers for each user’s device. This is incredibly valuable for advertisers but it could be used for more invasive forms of tracking.
All this data collection was done using a well-known security flaw that bypassed Android’s protection. Google uses an anonymised advertising ID that users can easily reset compared to MAC addresses. The report stated that TikTok also obscured its actions with an unusual added layer of encryption. But, TikTok is not alone in taking advantage of this loophole as nearly 350 other apps are doing the same.
TikTok said it has stopped this practice in November last year via an update, a shift in policy that the Journal cited as mounting political pressure from Washington. A statement from the company issued to Engadget said “the current version of TikTok does not collect MAC addresses.”
[SOURCE]
