TikTok collected device-specific addresses of users’ smartphones via its Android app for at least 15 months, using a technique that Google has banned developers from using without user consent, a Wall Street Journal analysis has reportedly found.
The tactic, which experts in mobile-phone security said was concealed through an unusual added layer of encryption, appears to have violated Google policies limiting how apps track people and wasn’t disclosed to TikTok users. TikTok ended the practice in November, the Journal’s testing showed.
According to the Google Play Developer Policy Center, an app’s advertising identifier “must not be connected to personally-identifiable information or associated with any persistent device identifier” — like a MAC address — “without explicit consent of the user.”
The findings come at a time when TikTok’s Beijing-based parent company, ByteDance Ltd., is under pressure from the White House over concerns that data collected by the app could be used to help the Chinese government track U.S. government employees or contractors. TikTok has said it doesn’t share data with the Chinese government and wouldn’t do so if asked.
The identifiers collected by TikTok, called MAC addresses, are most commonly used for advertising purposes.
The popular video-sharing app is facing a potential ban in the U.S. over national-security concerns. The White House has said it is worried that users’ data could be obtained by the Chinese government and used to build detailed dossiers on individuals for blackmail or espionage.
In a statement, a TikTok spokesperson said,
“Under the leadership of our Chief Information Security Officer (CISO) Roland Cloutier, who has decades of experience in law enforcement and the financial services industry, we are committed to protecting the privacy and safety of the TikTok community.
We constantly update our app to keep up with evolving security challenges, and the current version of TikTok does not collect MAC addresses. We have never given any U.S. user data to the Chinese government nor would we do so if asked.”
“We always encourage our users to download the most current version of TikTok.”
Microsoft has confirmed that it is continuing discussions regarding a TikTok acquisition.
