TikTok’s Android app collects MAC addresses of users in violation of platform rules for 18 minutes every month, as discovered by a Wall Street Journal investigation on Tuesday. The addresses would serve as a unique identifier for each user’s device, making them valuable for both advertising and potentially more invasive forms of tracking.
By 2015, both iOS’s App Store and the Google Play Store had banned the collection of MAC addresses as a matter of policy, but TikTok was still able to get the identifier through a loophole. A study cited by the Journal found that nearly 350 apps in the Google Play Store benefited from a similar loophole, generally for advertising purposes.
TikTok stopped the practice in November of last year, a shift in policy de Journal attribute to Washington’s emerging political pressure.
The revelation comes at a delicate time for TikTok, which has to deal with difficult questions from the White House about its Chinese parent company’s level of access to US user data. Last week, the White House issued an executive order to begin all U.S. transactions with the company, beginning September 20, if it is unable to complete a sale of its U.S. operations by that time. The company is currently in talks with Microsoft, but it is unclear how far the deal will go.
De Journal findings cut against the best argument in TikTok’s defense that the system does not collect more data than a standard mobile app. Although most commonly used for ad tracking, collecting MAC addresses is one of the more invasive forms of practice.
TikTok was not immediately available for comment.
