TikTok Tracked User Data For 15 Months, WSJ Finds

by Laurie Sullivan @lauriesullivan, August 11, 2020

TikTok "skirted a privacy safeguard" related to Google’s Android operating system to collect unique data identifiers from millions of mobile devices -- information that allowed the app to track users online without allowing them to opt out, The Wall Street Journal reports.

Experts in mobile phone security said TikTok concealed the tactic in "unusual added layer of encryption" that violates Google's policies limiting how apps track people. It also was not disclosed to TikTok users.

Tests show that TikTok ended the practice in November.

The identifiers are called MAC addresses and are most commonly used for advertising purposes.

"The White House has said it is worried that users’ data could be obtained by the Chinese government and used to build detailed dossiers on individuals for blackmail or espionage," according to the WSJ.

TikTok says it is “committed to protecting the privacy and safety of the TikTok community."

"Like our peers, we constantly update our app to keep up with evolving security challenges," a company spokesperson told the WSJ, adding that the the "current version of TikTok does not collect MAC addresses.”

The MAC address cannot be altered or reset. It allows app makers and third-party analytics firms to build profiles of consumer behavior.

About 1% of Android apps collect MAC addresses, according to the WSJ,citing a 2018 study by AppCensus, a mobile-app analysis firm that consults with companies on their privacy practices.

analytics, android, apps, data, data management, digital, mobile, operating system, privacy, search, social media, tracking

Next story loading