TikTok violated Google policy, tracked Android user data for over a year

TikTok circumvented a privacy safeguard in Google's Android operating system to gather unique identifiers from millions of mobile devices. The Chinese video-sharing app collected data that let it trail users online without allowing them to opt-out.

TikTok had been gathering users' Media Access Control (MAC) addresses for 18 months in contravention withthe platform rules, a Wall Street Journal (WSJ) investigation discovered, reported The Verge, an American technology news website.

In the wake of heightened security concerns against the Chinese app, this violates Google's policies. MAC addresses serve as unique identifiers for each users' device, thereby making them useful for both advertising and intrusive forms of tracking. As a matter of policy, both iOS' App Store and the Google Play had prohibited the collection of MAC addresses in 2015.

Also Read: How US thinks China uses TikTok, WeChat against Americans

Despite the ban, TikTok was able to secure the identifier through a loophole, the investigation stated further.

But TikTok is not the only app in violation of Android policies, the WSJ study noted that around 350 apps on the Google Play Store cashed in on a similar loophole, broadly for ad-targeting purposes. However, amid mounting political pressure from the US government, the ByteDance-owned app stopped the practice in November 2019, says the report.

The discovery comes at a sensitive time for TikTok, which is already facing tough questions from the White House over its Chinese parent company ByteDance's level of access to the US users' data.

The Trump administration had last week issued an executive order to sever all US transactions with the company, beginning September 20, if it is unable to conclude a sale of its US operations by that time.

Also Read: TikTok to sue US government over President Donald Trump's executive order

ByteDance is presently holding talks with Microsoft for the potential sale but the deal might take longer than anticipated, adding further to the frustration of the Trump administration.

WSJ's findings go against TikTok's contention that the system doesn't gather any more data than a standard mobile app. Meanwhile, it told the news website that it had discontinued the practice of collecting MAC addresses, as it constantly updates the app "to keep up with evolving security challenges" and that its current version "doesn't collect MAC addresses".