TikTok’s Android app allegedly gathered unique identifiers for at least 15 months from millions of mobile devices, culminating with an update issued in November of last year. The specific identifiers obtained by the short-video device, called the media access control ( MAC) username, are used mainly to display targeted advertisements. The new announcement comes just days after an executive order was signed by US President Donald Trump to ban TikTok in the region. The software is allegedly meant to help the Chinese Communist Party keep an eye on the US government.
TikTok’s practice of gathering MAC addresses from Android devices seems to have broken Google’s rules, says The Wall Street Journal. Chinese Internet firm ByteDance’s website is said to have stopped the activity in an update released November 18.
Earlier in 2013, third-party Web creators were prohibited from obtaining ios users’ MAC addresses. Google followed the trend in 2015 and restricted the availability of Android devices on Google Play to capture “personally identifiable information or other permanent device identification” like MAC addresses and IMEI numbers. Allegedly, however, TikTok bypassed Google’s limitation by using a workaround that was implemented using a “more circuitous path.”
Suggested Post: Microsoft Opens Beta XCloud Game Streaming This August, Is It A Hit Or Miss?
The Wall Street Journal discovered, during an investigation, that TikTok combined MAC addresses obtained from Android smartphones with other system data and sent it to ByteDance when the software was first installed-just after the customer first used it. Certain app data was said to provide a 32-digit advertisement ID that helps marketers to identify user activity without presenting users with any personal information. Furthermore, users can restore the advertisement ID from their computers, which is not the case for the MAC address, which can not be restored even though the hardware is installed.
Research quoted in the report showed that in 2018, nearly 350 popular Google Play Internet-driven applications had used the Android void that TikTok had created. A researcher was also cited in the article as saying that the bug was well known but yet to be patched by Google. Google did not, however, make any remarks on the subject at the time of publication.
The MAC address will be used by advertisers and third-party analytics companies to maintain track of customer activity because it can not be changed or modified. However, the Wall Street Journal article states that TikTok stored much of the consumer data and transmitted in a “special layer of custom encryption.”
A spokesperson for TikTok said that the latest edition of its software does not capture MAC addresses. “Like our peers, we constantly update our app to keep up with evolving security challenges,” the spokesperson said.
The timing of the recent discovery is very curious, as the Indian government forbade TikTok at the end of June, and the US is now watching the step. The executive order signed last week by the US President may cut it off from both the Apple App Store and Google Play, as well as make ads on the site illegal.