TikTok collects Android user data using tactics prohibited by Google

TikTok unleashed a privacy protection in Google’s operating system from Google to collect unique identifiers from millions of mobile devices, data that allows the app users to track online without having to choose, an analysis by the Wall Street Journal has found.

The tactic, which experts said in mobile phone security, was hidden by an unusually added layer of encryption, appears to have compromised Google policies, restricting how apps track people and were not disclosed to TikTok users. TikTok ended the practice in November, revealing testing of the Journal.

The findings come at a time when TikTok’s Beijing-based parent company, ByteDance Ltd., is under pressure from the White House over concerns that data collected by the app could be used to help the Chinese government track U.S. government employees or contractors. TikTok has said it does not share data with the Chinese government and would not do so if requested.

The identifiers collected by TikTok, called MAC addresses, are mostly used for advertising purposes. The White House has said it fears data from users could be obtained by the Chinese government and used to build detailed files on individuals for extortion or espionage.

TikTok, which earlier this year said its app collects less personal data than U.S. companies like Facebook Inc. FB,
and GOOGL by Alphabet Inc.,
Google, did not answer detailed questions. In a statement, a spokeswoman said the company is “committed to protecting the privacy and security of the TikTok community. Like our peers, we are constantly updating our app to keep up with new security challenges.” current version of TikTok does not collect MAC addresses. “

An extended version of this report appears on WSJ.com.

Also popular on WSJ.com:

Why are some messages still so hard to find during pandemics?

Russia registers first COVID-19 vaccine despite security concerns.