A new report from The Wall Street Journal alleges that TikTok has been collecting MAC addresses from Android users for months.
Typically an app has the right to collect personal data from users for a number of different purposes. This is something that users need to opt into however. Google also changed its policies in 2015 to ban developers from collecting this type of information about users.
Based on the report, TikTok was able to get around a Google Play Store policy. Allowing it to gather this unique identifier information on its users without them having to opt in. As users were never notified this data would be collected.
This information about TikTok's apparent breach of the Play Store policy comes at an interesting time. At the beginning of August President Donald Trump announced a potential shutdown of the social media app in the US. With the only thing preventing that being the acquisition of TikTok's US operations.
TikTok collected Android user MAC addresses for "at least" 15 months
Collecting data about users at all without the knowledge or consent of the user is likely bad enough.
But based TikTok was apparently gathering this information about its users for a period of at least 15 months. The app is apparently no longer collecting this type of information though. An update that was applied to the app on November 18 of last year is said to have removed the app's ability to do so.
That being said, the fact that the app no longer collects MAC address information probably doesn't do much for TikTok or its parent company ByteDance though. Considering the situation it's already facing over concerns that it poses a security risk to the US.
Data was collected the moment the app was opened for the first time
According to the report users never had the opportunity to opt into the data collection because the app collected it the moment users opened it up for the first time.
Other data, like a device's advertising ID, was also collected by TikTok from Android users alongside the MAC addresses. WSJ also notes that its collection of the data was hidden with an added layer of encryption.
On top of that the encryption is said to have no real security benefit for TikTok. Instead, it was deliberately set up to hide its activities about data collection.