TikTok unlawfully collected unique device identifiers on Android for at least 15 months, finds a new investigation by the Wall Street Journal. The app is said to have been secretly scooping up a piece of data called the MAC address that’s different for every phone and enables advertisers to identify as well as track you across the internet.
Since 2015, both Apple and Google have prohibited apps to read devices’ MAC addresses on iOS and Android. TikTok, however, reportedly circumvented these restrictions by engineering a workaround that a study cited by the Journal found inside nearly 350 other Android apps.
MAC addresses can’t be reset and always remain the same for a given device. This practically takes away your ability to start with a clean slate and evade advertising companies.
Advertisers can take advantage of this to ID you even when you’re not necessarily logged in.
Therefore, say for any reason, you decide to refresh your advertising profile — an action you can take by heading into a particular app’s preferences or your phone’s settings. Because TikTok has your MAC address too, this move will be rendered ineffective since the app can misuse the personally identifiable data to link your previous advertising profile to the new one.
In its developer guidelines, Google explicitly warns that “a new advertising identifier must not be connected to a previous advertising identifier or data derived from a previous advertising identifier without the explicit consent of the user.”
A TikTok spokesperson told the Journal that it’s “committed to protecting the privacy and safety of the TikTok community. Like our peers, we constantly update our app to keep up with evolving security challenges.” “The current version of TikTok does not collect MAC addresses,” they added.
A Google spokesperson told Digital Trends that the company is investigating the Journal’s findings and has no further comment at the moment.
We’ve reached out to TikTok for more information and we’ll update the story when we hear back.
TikTok abandoned the practice last year in November — a timing many will consider especially suspicious. Around this time, the Chinese short-video video app was under increased scrutiny for its ties to China in the United States as well as several more countries. The White House has accused TikTok of working with the Chinese government to snoop on Americans — claims TikTok has repeatedly denied.
Last week, President Donald Trump signed an executive order that will ban TikTok if it fails to hand over its U.S. operations to a US-based company.