Business Today
Loading...

TikTok accessed user private data by tweaking Android OS, says report

A study has found that TikTok was collecting users' devices unique addresses until November 2019 violating Google's policy.

twitter-logoYasmin Ahmed | August 12, 2020 | Updated 13:05 IST
(Source: Reuters)

Highlights

  • A study by the WSJ has revealed that TikTok was storing MAC addresses of Android users until November 2019 whose access was banned by Google.
  • Media Access Control (MAC) addresses are unique identifiers that do not change unless the user buys a new device.
  • MAC addresses are used for target advertising but can be used for nefarious purposes as well.

TikTok until November 2019 was keeping track of the user's Media Access Control (MAC) addresses which is a unique identifier assigned for every user. As per WSJ's report, such information is mainly used for target advertising but it can be used for blackmailing or espionage. In 2015, Google as a policy banned the collection of MAC addresses. Apple locked MAC addresses in 2013 preventing third-party apps from reading the identifier.

TikTok found its way around the restrictions through the loophole to collect MAC addresses. TikTok kept track of users' MAC addresses for at least 15 months, as per the report.

Google did not comment on the loophole but said it was investigating report's findings.

WSJ cited a 2018 study by App Census, a mobile analysis firm that states about 1 per cent of mobile apps get access to MAC addresses of users. The MAC addresses cannot be reset or altered as per the report unless the user decides to buy a new phone.

Joel Reardon, co-founder App Census was of the view that TikTok collected MAC addresses for long-term tracking.

By storing the unchangeable MAC addresses, TikTok used ID bridging, a tactic used by Bytedance to connect old advertising ID links to the new one. "If you uninstall TikTok, reset the ad ID, reinstall TikTok and create a new account, that MAC address will be the same," Reardon told WSJ.

The Journal's study further found that the data collected by TikTok was transmitted to an extra layer of encryption that helped TikTok get away with collecting unwarranted data. Also, Tiktok revealed its collection in the privacy policy and pop-ups requesting user's consent during installation.

Reardon said the encryption did not provide any extra layer of security. "But it does mean that we have no transparency into what's being sent out," Reardon said.

"We constantly update our app to keep up with evolving security challenges, and the current version of TikTok does not collect MAC addresses. We always encourage our users to download the most current version of TikTok," a TikTok representative told the Verge.

US President Donald Trump has signed an executive order effectively banning TikTok from the US citing the app is a significant threat to national security. It has given its parent company, ByteDance an ultimatum of 45 days to sell TikTok to a US company.

Youtube
  • Print

  • COMMENT
BT-Story-Page-B.gif
A    A   A
close