TikTok secretly collected unique device IDs for over a year on Android

TikTok unlawfully collected unique device identifiers on Android for at least 15 months, according to a new investigation by The Wall Street Journal. The app is said to have been secretly scooping up a piece of data called the MAC address, which is unique for every phone and enables advertisers to identify and track you across the internet.

Since 2015, both Apple and Google have prohibited apps from reading devices’ MAC addresses on iOS and Android. TikTok, however, reportedly circumvented these restrictions by engineering a workaround that a study cited by the Journal found inside nearly 350 other Android apps.

MAC addresses can’t be reset and always remain the same for a given device. This practically takes away your ability to start with a clean slate and evade advertising companies. Advertisers can take advantage of this to ID you even when you’re not necessarily logged in.

Suppose that, for any reason, you decide to refresh your advertising profile, an action you can take by heading into a particular app’s preferences or your phone’s settings. Because TikTok has your MAC address too, this move will be rendered ineffective, since the app can misuse the personally identifiable data to link your previous advertising profile to the new one.

In its developer guidelines, Google explicitly warns that “a new advertising identifier must not be connected to a previous advertising identifier or data derived from a previous advertising identifier without the explicit consent of the user.”

The Journal also found an extra layer of encryption inside the TikTok app which it said could be potentially engineered to camouflage these fraudulent data practices. However, a TikTok spokesperson, in a statement sent to Digital Trends, said that the “assertions made in the article misrepresent [their] intentions for using encryption.” “Encryption is a common way to prevent malicious behavior linked to fraudulent activity,” they added.

A Google spokesperson told Digital Trends that the company is investigating the Journal’s findings and has no further comment at the moment.

TikTok abandoned the practice last year in November, a timing many will consider especially suspicious. Around this time, the Chinese short-video app was under increased scrutiny for its ties to China in the United States as well as several more countries. The White House has accused TikTok of working with the Chinese government to snoop on Americans, claims TikTok has repeatedly denied.

Last week, President Donald Trump signed an executive order that will ban TikTok if it fails to hand over its United States operations to a U.S.-based company.

“Like our peers, we constantly update our app to keep up with evolving security challenges. We encourage our users to download the most current version of TikTok,” commented the TikTok spokesperson further.
