Skip to main content

TikTok secretly collected unique device IDs for over a year on Android

 

TikTok unlawfully collected unique device identifiers on Android for at least 15 months, according to a new investigation by The Wall Street Journal. The app is said to have been secretly scooping up a piece of data called the MAC address, which is unique for every phone and enables advertisers to identify and track you across the internet.

Recommended Videos

Since 2015, both Apple and Google have prohibited apps to read devices’ MAC addresses on iOS and Android. TikTok, however, reportedly circumvented these restrictions by engineering a workaround that a study cited by the Journal found inside nearly 350 other Android apps.

MAC addresses can’t be reset and always remain the same for a given device. This practically takes away your ability to start with a clean slate and evade advertising companies. Advertisers can take advantage of this to ID you even when you’re not necessarily logged in.

Therefore, say for any reason, you decide to refresh your advertising profile — an action you can take by heading into a particular app’s preferences or your phone’s settings. Because TikTok has your MAC address too, this move will be rendered ineffective since the app can misuse the personally identifiable data to link your previous advertising profile to the new one.

In its developer guidelines, Google explicitly warns that “a new advertising identifier must not be connected to a previous advertising identifier or data derived from a previous advertising identifier without the explicit consent of the user.”

The Journal also found an extra layer of encryption inside the TikTok app which it said could be potentially engineered to camouflage these fraudulent data practices. However, a TikTok spokesperson, in a statement sent to Digital Trends, said that the “assertions made in the article misrepresent [their] intentions for using encryption.” “Encryption is a common way to prevent malicious behavior linked to fraudulent activity,” they added.

A Google spokesperson told Digital Trends that the company is investigating the Journal’s findings and has no further comment at the moment.

TikTok abandoned the practice last year in November — a timing many will consider especially suspicious. Around this time, the Chinese short-video video app was under increased scrutiny for its ties to China in the United States as well as several more countries. The White House has accused TikTok of working with the Chinese government to snoop on Americans — claims TikTok has repeatedly denied.

Last week, President Donald Trump signed an executive order that will ban TikTok if it fails to hand over its United States operations to a U.S.-based company.

“Like our peers, we constantly update our app to keep up with evolving security challenges. We encourage our users to download the most current version of TikTok,” commented the TikTok spokesperson further.

Shubham Agarwal
Former Digital Trends Contributor
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
TikTok users sue to overturn Montana’s statewide ban of app
TikTok logo on an iPhone.

A group of TikTok users has sued the state of Montana in a bid to overturn its plan to ban the app from January 1, 2024.

The complaint was filed on Wednesday evening in the U.S. District Court for the District of Montana just hours after Montana Governor Greg Gianforte (R) signed into law a bill banning the Chinese-owned app over concerns it could impact U.S. national security.

Read more
TikTok faces outright ban in first U.S. state
TikTok icon illustration.

TikTok received more bad news on Wednesday after Montana Governor Greg Gianforte (R) signed into law a bill banning the popular app from January 1, 2024.

While more than half of U.S. states have already issued TikTok bans on government-issued devices, Montana’s action against the Chinese-owned app is significant as it’s the first state to impose a total ban on the app.

Read more
Former ByteDance exec claims China had access to TikTok data
TikTok logo on an iPhone.

TikTok is feeling the heat again after a former leading executive at its parent company, Byte Dance, made a series of damning claims in a wrongful dismissal lawsuit filed recently in the San Francisco Superior Court

Among the allegations made by Yintao Yu was that the Chinese Community Party (CCP) “maintained supreme access” to TikTok data stored in the U.S. when he worked for the company between 2017 and 2018.

Read more