The tactic, which according to experts in the field of mobile security was hidden behind in a layer of coding, violated Google’s policy of limiting the way an app can track people. According to a study by the Wall Street Journal, Tiktok stopped using this tactic as early as November.
The test findings come at a time when the app’s parent company, the Chinese company BiteDance, is under attack by the White House, which claims that the information gathered will be used by the Chinese government to spy on US government employees. Tiktok denied that they shared the personal information with the Chinese government and clarified that the data they collected were used for their advertising purposes only.
A company spokesman issued a statement stressing that the company “is committed to protecting the privacy and security of the Tiktok community”, and clarified that the company is constantly updating the app to meet evolving security challenges. “Google said the company is reviewing the findings.
According to a study conducted in 2018, around 1% of the active applications in Android collect MAC addresses (the physical address of the device on the network). These addresses are used by apps with advertisements to locate users and send them marketing alerts accordingly. This allows app creators and external research companies to build consumer behavior profiles. “This is a way to ensure long-term follow-up of users without them having the opportunity to retreat,” responded Joel Reardon, a lecturer at the University of Calgary.
Apple blocked the ability to access such information through their devices as early as 2013 and Google went its own way two years later, however Tiktok was able to circumvent the restrictions on Android.