TikTok videos may be fun to watch but a lot of people are wary to use the app. There is a reason why the US and India banned the app. A few months ago, we noted the insecure HTTP that made it vulnerable to hijacking accounts. Fast forward to a few months later, we’re learning that it has collected user data using a trick that was already banned by Google. The WSJ reports a privacy safeguard in Android has been skirted by TikTok.
We can’t say we’re not surprised because these Chinese devs really know what to do. Android as a platform isn’t exactly the most secure system either. The danger was that the unique identifiers of millions of users were collected.
The data collected allowed TikTok to track users online without giving them the option to opt out. We highly doubt most users also know they’re being tracked. This is a clear violation of Google policies that limit how apps can track people. TikTok is said to have added a layer of encryption.
Apparently, TikTok didn’t disclose it to the users. The practice has been discontinued since November last year. It could be good news but it doesn’t change the fact that TikTok was collecting something they were not supposed to be collecting.
This report actually makes the case against TikTok stronger. The Trump administration has always been concerned about spying and this could be another reason. But then the people behind TikTok already said they don’t share data with the Chinese government.
As discovered, the MAC addresses were the identifiers being collected by TikTok. They are purely from advertising and marketing purposes only. The newest version of TikTok no longer collects MAC address as per a company representation.