TikTok bypassed Google’s Android privacy protections and collected unique identifiers from millions of mobile devices. This allowed the application to track users who were online, writes The Wall Street Journal.
This feature was hidden by an unusual extra layer of encryption. It appears to have violated Google’s policy restricting how apps can track people and was not disclosed to TikTok users.
The app collected user data for at least 15 months, and in November 2019, TikTok stopped this practice, the newspaper writes.
We are talking about MAC addresses – this is an identifier that allows an application to track users on the Internet without the ability to disable this feature.
A Google spokesman said the company is studying the results of the WSJ study and declined to comment on a vulnerability that allows some applications to collect MAC addresses.
In response to the allegations, TikTok officials said the company is constantly updating the app to keep up with emerging security issues. They also added that the current version of TikTok does not collect MAC addresses.
The Federal Trade Commission said MAC addresses are considered personal information under the Children’s Online Privacy Protection Act.