TikTok used an unusual extra layer of encryption to collect the MAC addresses of Android mobile devices.
Analysts at The Wall Street Journal have learned that short video app TikTok managed to bypass privacy protections in the Android operating system. Using this application during the year collected the MAC addresses of millions of devices.
A MAC address is a unique combination of numbers and letters, 48 characters long. In fact, this is the hardware number of the device (computer, smartphone, router), which is assigned at the factory, at the time of production.
Unlike the IP address of a device, changing the MAC address is not easy. It is also called the unique physical address of the device, which allows you to identify the device among millions of other devices.
The collected information allowed TikTok to track users online, writes The Wall Street Journal.
TikTok will be blocked in the US by order of Donald Trump
According to experts, user tracking was hidden using an unusual extra layer of encryption. Such scams violate Google’s policy of limiting how apps can track people, and TikTok didn’t inform users about data collection.
The application collected user data in this way for at least 15 months, and in November 2019, TikTok stopped this practice, the newspaper writes. Google did not comment on the situation, and a TikTok representative said that the current version of the application does not collect MAC addresses.
“We are constantly updating our app to address emerging security issues. We can assure you that the current version of TikTok does not collect MAC addresses." – said the representative of TikTok.
Recall that TikTok is currently banned in India, and the other day, US President Donald Trump signed a decree banning the interaction of American individuals and legal entities with ByteDance, the developer of TikTok.