According to a Wall Street Journal Report, China-owned social networking platform TikTok encounters yet another hurdle as findings show the app collected device-specific MAC addresses of Android users for approximately 18 months. The practice was discontinued in late November 2019.
Following such claims, Forbes states that the practices of TikTok violate Google’s privacy policies, which prohibit companies and applications from ID bridging practices to identifiers such as MAC addresses without the knowledge or prior consent of the user.
The social networking app, however, skirted around the policy through a loophole. A 2018 study by AppCensus cited by the Wall Street Journal states that around 347 apps exploited this loophole, mainly for ad targeting purposes.
To gain access to MAC addresses without being required to disclose such practices or giving users the ability to opt-out of such actions, TikTok reportedly resulted in combining its approach with other information such as advertising IDs, maintains Gizmodo.
The report comes at a crucial time in history as the Chinese-owned app continues to face increased scrutiny by the White House over its reach to user data in the country.
Last week, Digital Trends shared that President Donald Trump and the White House passed an executive order banning the app in the country should it fail to find ownership in the United States.
MAC addresses are device-specific identifiers that are unique to every smartphone or mobile phone owner. These cannot be altered or reset unless the device owner decides to purchase another device.
By obtaining these, companies such as TikTok and even parent company ByteDance could expose users to potential tracking and ad-targeting campaigns in the future.
While the Wall Street Journal acknowledges the possible line of defense that the Chinese-owned social media networking app can provide, that the program does not mine personal information more than other similar apps, the Journal states that MAC address collection is a more exploitative and invasive form of ad-targeting.
More than obtaining the device-specific identifiers, the Wall Street Journal’s study on the incident found that TikTok gave an additional layer of encryption to the collected data, thereby helping the company do away with the malicious collection practices.
The Verge states that the social networking platform only revealed its collection ‘reminder’ as a pop-up message notification during installation, rather than explicitly gaining consent fro users.
When asked for comment on the issue, a company spokesperson for TikTok said, “We constantly update our app to keep up with evolving security challenges, and the current version of TikTok does not collect MAC addresses. We always encourage our users to download the most current version of TikTok.”