The application Android of TikTok collected MAC addresses of its users for a year and a half, as revealed exclusively the Wall Street Journal . MAC addresses would have served as a unique identifier for each user’s device, making them valuable for both advertising and potentially more invasive forms of tracking.
Both the iOS App Store and the Google Play Store have since 2015 completely prohibited the collection of MAC addresses as a matter of data protection policy, but TikTok could still obtain the identifier through a technical loophole. As revealed by the Journal, almost 350 applications have been found in the Google Play Store that had taken advantage of a similar loophole, almost always with the objective of targeting advertising.
In the opinion, TikTok discontinued the practice in November last year, a change in policy that is attributed to the growing political pressure from Washington.
This revelation comes at a sensitive time for TikTok, which faces tough questions from the White House about the level of access of its Chinese parent company to US user data.
Last week, the US government issued an executive order to cut off all US transactions with the company as of September 20, if it cannot complete the sale of its operations to a US company by then. TikTok is currently negotiating with Microsoft , but it is unclear how far the deal will go.
This disclosure now goes against the best argument in defense of TikTok , which ensures that the system does not collect more data than a standard mobile application. While most often used for ad tracking, MAC address collection is one of the most invasive forms of practice.
TikTok has responded to the WSJ that the practice has long since ceased. “We constantly update our app to keep up with evolving security challenges, and the current version of TikTok does not collect MAC addresses,” says a spokesperson. “We always encourage our users to download the most current version of TikTok.”